WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Configuring TCP/IP client nodes to use SSL

Configure a TCP/IP configuration to use SSL to secure connectivity to and from the TCPIP client nodes.

You can create or modify TCP/IP client connections that use SSL, by creating or modifying a configurable service. You can specify the type of protocol, and the allowed cipher suites. By default, SSL is not enabled for any configurable services. The nodes use the standard broker keystore and truststore configuration.

Before you start: Set up a public key infrastructure (PKI) at broker or execution group level by following the instructions in Setting up a public key infrastructure.

Changing a TCP/IP client configuration to use SSL

Use the mqsichangeproperties command to change an existing TCPIPClient configurable service.

  1. The following command specifies that the myTCPIPClientService configurable service must use SSLv3 as the protocol, with any available cipher suite.
    mqsichangeproperties MYBROKER 
      -c TCPIPClient 
      -o myTCPIPClientService 
      -n SSLProtocol 
      -v SSLv3
  2. Restart the execution group that contains the message flows.

Creating a TCP/IP client configuration that uses SSL

Use the mqsicreateconfigurableservice command to create a TCPIPClient configurable service.

  1. The following command creates a TCPIPClient configurable service for making connections on port 1455 on the local machine. It uses the SSL protocol SSLv3 with a specific list of allowed cipher suites.
    mqsicreateconfigurableservice MYBROKER 
      -c TCPIPClient 
      -o myTCPIPClientService
      -n Port,Hostname,SSLProtocol,SSLCiphers 
      -v 1455,localhost,SSLv3,SSL_RSA_WITH_RC4_128_MD5;
         SSL_RSA_WITH_3DES_EDE_CBC_SHA
  2. Restart the execution group that contains the message flows.

Testing your configuration

Use either a TCPIPClientInput node, or a TCPIPClientOutput node to open a connection to a remote SSL server application that is listening on a TCP/IP port.
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:24


Task topicTask topic | Version 8.0.0.7 | bp34100_