Usage guide

Prior to using queue-based security, WebSphere MQ Everyplace owned authenticatable entities must have credentials. This is achieved by completing the correct configuration so that auto-registration of queue managers is triggered. This requires the following steps:

  1. Setup and start an instance of WebSphere MQ Everyplace mini-certificate issuance service.
  2. Using MQe_MiniCertificateServer, add the name of the queue manager as a valid authenticatable entity, and the entity's one-time-use certificate request PIN.
  3. Configure MQePrivateClient1.ini and MQePrivateServer1.ini so that when queue managers are created using SimpleCreateQM, auto-registration is triggered. This section explains which keywords are required in the registry section of the ini files, and where to use the entity's one-time-use certificate request PIN.

Prior to using message-level security to protect messages using MQeMTrustAttribute, the application must use private registry services to ensure that the initiating and recipient entities have credentials. This requires the following steps:

  1. Setup and start an instance of WebSphere MQ Everyplace mini-certificate issuance service.
  2. Add the name of the application entity, and allocate the entity a one-time-use certificate request PIN.
  3. Use a program similar to the pseudo-code fragment below to trigger auto-registration of the application entity . This creates the entity's credentials and saves them in its private registry.
	/* SIMPLE MQePrivateRegistry FRAGMENT*/
    try 
       {
       /* setup PrivateRegistry parameters  */
       String EntityName   			= "Bruce";
       String EntityPIN          	= "11111111";
       Object KeyRingPassword     	= "It_is_a_secret";
       Object CertReqPIN          	= "12345678";
       Object CAIPAddrPort        	= "9.20.X.YYY:8082";
       /* instantiate and activate a 
				Private Registry. */
       MQePrivateRegistry preg  = new MQePrivateRegistry( );
       preg.activate( EntityName,        
			/* entity name                */
                      ".//MQeNode_PrivateRegistry", 
			/* directory root  */
                      EntityPIN,        
			/* private reg access PIN     */
                      KeyRingPassword,  
			/* private credential keyseed */
                      CertReqPIN,        
			/* on-time-use Cert Req PIN   */
                      CAIPAddrPort );    
			/* addr and port MiniCertSvr  */
       trace(">>> PrivateRegistry activated OK ..."); 
       }
    catch (Exception e)
       {
       e.printStackTrace( );
       }
 


© IBM Corporation 2002. All Rights Reserved