IBM WebSphere MQ SSL Delivery Method

IBM WebSphere MQ is also known as IBM MQ. For information on connecting to IBM WebSphere MQ in a non-SSL way, refer to JMS Delivery Method here. This delivery option is only available in OIEPs.

Prerequisites

Changes to the properties file, outlined below, are implemented when the server is restarted.

Prior to configuration, clicking a dropdown parameter in the 'Edit Delivery Configuration' dialog displays the property name required to supply values that populate the parameter.

Note: In the sharedconfig.properties file, a sequential numbered designation (1=, 2=, etc.) indicates that an entry should display in the UI. This allows multiple values to be stored for a single property and is required even when a single value should be displayed. If property values, such as passwords, should not be displayed in the UI, exclude the numbered designation, as shown in the password examples below.

The numbered designation indicates the order that the options are displayed in the dropdown. For example: <Property name>=1=<Value 1>,2=<Value 2>,3=<Value 3>. Using these numbered designations results in the dropdown showing values in the following order: <Value 1>,<Value 2>,<Value 3>.

As required, configure the following case-sensitive properties in the sharedconfig.properties on the STEP application server:

  1. For Connection URL, set the WSMQSSLProviderURL property, as shown below.

    Use the [host]:[port]/[channel] format as defined:

    • [host] = hostname or IP of the WebSphere MQ server; in the follow example this is 10.46.88.75

    • [port] = port number for the channel; in the follow example this is 1415

    • [channel] = name of the channel; in the follow example this is BASE.CTL.SVRCONN

    WSMQSSLProviderURL=1=10.46.88.75:1415/BASE.CTL.SVRCONN
  2. For Queue Manager, set the WSMQSSLQueueManager property, as shown below.

    WSMQSSLQueueManager=1=HV088B
  3. For Queue Name, set the WSMQSSLQueue property, as shown below.

    WSMQSSLQueue=1=LIVE.KITT
  4. For Key Store, set the WSMQSSLKeyStoreLocation property, as shown below.

    Use the jks format with the personal certificate for the Queue Manager. To generate this, refer to the IBM WebSphere MQ online help. To indicate a URL and not a path, prefix the Key Store with 'file:'.

    WSMQSSLKeyStoreLocation=1=file:/workarea/keystore.jks
    
  5. For Key Store Password, set the WSMQSSLKeyStorePassword property, as shown below.

    The password can be configured in sharedconfig.properties file or can be typed directly into the parameter. When the parameter is blank, the password from the property is used.

    To prevent the password (or any other selections) from displaying in the UI, do not include a numbered designation.

    WSMQSSLKeyStorePassword=Pa55w0rd1
  6. For Trust Store, set the WSMQSSLTrustStoreLocation property, as shown below.

    This can be the same file as key store. To generate this, refer to the IBM WebSphere MQ online help. As shown below, prefix the Trust Store with 'file:' to indicate a URL, not a path.

    WSMQSSLTrustStoreLocation=1=file:/workarea/truststore.jks
    
  7. For Trust Store Password, set the WSMQSSLTrustStorePassword property, as shown below.

    The password can be configured in sharedconfig.properties file or can be typed directly into the parameter. When the parameter is blank, the password from the property is used.

    To prevent the password (or any other selections) from displaying in the UI, do not include a numbered designation.

    WSMQSSLTrustStorePassword=Pa55w0rd2
  8. For Cipher Suite, set the WSMQSSLCipherSuite property, as shown below.

    STEP is running on non-IBM JRE, so this must be the same value as configured in the Queue Manager.

    WSMQSSLCipherSuite=1=CTL_RSA_WITH_AES_256
  9. Contact your IT team to create a trust and key store and copy all URL certificates to the trust and key store.

Example of all property entries

WSMQSSLProviderURL=1=10.46.88.75:1415/BASE.CTL.SVRCONN
WSMQSSLQueueManager=1=HV088B
WSMQSSLQueue=1=LIVE.KITT
WSMQSSLKeyStoreLocation=1=/workarea/key.jks
WSMQSSLKeyStorePassword=Pa55w0rd1
WSMQSSLTrustStoreLocation=1=/workarea/key.jks
WSMQSSLTrustStorePassword=Pa55w0rd2
WSMQSSLCipherSuite=1=CTL_RSA_WITH_AES_256

Configuration

For information on a parameter, hover over the parameter field to display help text.

  1. In the Select Delivery Method field, choose IBM Websphere MQ SSL Delivery.

  2. In Connection URL, select the URL for the connection.

  3. In Queue Manager, select the name of the Queue Manager.

  4. In Queue Name, select the name of the Queue for the connection.

  5. In Binary Payload, select 'Yes' if the message contents will be in a binary format (such as Excel).

  6. In User Name, if required, enter the user name to be used with this integration.

  7. In Password, if required, enter the password to be used with this integration.

  8. In Key Store, select the keystore in jks format, with the personal certificate for the Queue Manager.

  9. In Key Store Password, leave the parameter blank to use the password from the sharedconfig.properties file, or manually type in a password.

  10. In Trust Store, select the trust store with the CA for the Queue Manager.

  11. In Trust Store Password, leave the parameter blank to use the password from the sharedconfig.properties file, or manually type in a password.

  12. In Cipher Suite, set to the same value as SSL CipherSuite in WebSphere MQ.

  13. If Additional Parameters are required, click the Add parameter link and enter the Key and the Value. For valid keys and values, refer to the IBM WebSphere MQ online help.

  14. On the Edit Delivery Configuration dialog, click the OK button to save the delivery method.