Verify TLS/SSL channel authentication


Information icon Channel (<channel name>) is not using TLS/SSL

The specified channel does not have a value specified for the CipherSpec attribute. This attribute is mandatory if you want your channel to use TLS/SSL.

This is only an error if you are intending to use TLS/SSL with your channels.

This test is intended for use in environments where TLS/SSL is in use, to help ensure that no channels have been missed.

Warning icon Channel (<channel name>) specifies a value for the CipherSpec attribute which is ignored on non-TCP channels

The CipherSpec (SSLCIPH) attribute is valid only for channels that use TCP transport. If the channel does not use TCP, the data is ignored and no error message is issued; the CipherSpec attribute is redundant.

Warning icon Channel (<channel name>) specifies a value for the CipherSpec attribute but has no peer name specified and has no matching SSLPEERMAP channel authentication records

The specified channel has a value specified for the CipherSpec attribute, but does not have a value specified for the PeerName attribute, and has no matching SSLPEERMAP channel authentication records. If the remote system provides a valid certificate, access is granted and the Distinguished Name in the certificate is not checked.

This is only an error if you are intending to authenticate on the basis of TLS/SSL Distinguished Names.

The TLS/SSL peer name channel attribute is specified to the MQ Explorer by ticking the Accept only certificates with Distinguished Names matching these values box. It is also often referred to as the SSLPEER attribute.