System security for a connection between service integration and a WebSphere® MQ network is provided by the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
When WebSphere Application Server uses SSL, the administrator must create an SSL repertoire, a channel and a transport chain. The transport chain must be referenced by the WebSphere MQ server through the server's transport chain attribute, and must also be a trusted transport for the service integration bus to which the WebSphere MQ server belongs. The default setting is for service integration buses to trust only the SSL transport.
wsadmin>set tcs [$AdminConfig list TransportChannelService]
wsadmin>set tcp [$AdminConfig create TCPOutboundChannel $tcs "{name MyWMQChain.TCP}"]
wsadmin>set ssl [$AdminConfig create SSLOutboundChannel $tcs "{name MyWMQChain.SSL} {sslConfigAlias MyRepertoire}"]
wsadmin>set rmq [$AdminConfig create RMQOutboundChannel $tcs "{name MyWMQChain.RMQ}"]
wsadmin>$AdminConfig create Chain $tcs "{name MyWMQChain} {enable true} {transportChannels {$rmq $ssl $tcp}}"
This example creates a transport chain suitable for connecting a WebSphere MQ server to WebSphere MQ using SSL. The chain is called MyWMQChain, and uses an SSL repertoire called MyRepertoire.
WebSphere MQ uses only a single cipher suite to secure connections to a queue manager, although WebSphere Application Server SSL repertoires allow you to specify multiple cipher suites. Each cipher suite in the repertoire is tried sequentially until a successful connection is established, or until all the cipher suites have been tried. The most recent cipher suite that allowed a successful connection is cached on a WebSphere MQ server bus member basis, and is tried first on subsequent connection attempts.
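The retry order described above can be modelled as follows. This is an added example, not IBM code: the class, the bus member name, the stand-in handshake function and the sample suite list are all constructed for illustration, and it assumes that when the cached suite fails the remaining suites are tried in repertoire order. It shows how many rejected handshakes precede a successful one when the repertoire lists more suites than the queue manager accepts, and what happens when the queue manager's suite changes.

```python
class CipherSuiteSelector:
    """Models the per-bus-member cipher suite retry order (hypothetical class)."""

    def __init__(self, repertoire_suites):
        self.suites = list(repertoire_suites)  # order as listed in the SSL repertoire
        self.cache = {}                        # bus member name -> last successful suite

    def attempt_order(self, bus_member):
        """Cached suite first (if still in the repertoire), then the rest in order."""
        cached = self.cache.get(bus_member)
        if cached in self.suites:
            return [cached] + [s for s in self.suites if s != cached]
        return list(self.suites)

    def connect(self, bus_member, handshake):
        """Try suites until handshake(suite) is True; return (suite, attempts).

        handshake stands in for the SSL handshake with the queue manager.
        Returns (None, attempts) when every suite is rejected.
        """
        attempts = []
        for suite in self.attempt_order(bus_member):
            attempts.append(suite)
            if handshake(suite):
                self.cache[bus_member] = suite  # tried first next time
                return suite, attempts
        return None, attempts


def queue_manager(channel_suite):
    """Constructed stand-in: the queue manager accepts exactly one suite."""
    return lambda offered: offered == channel_suite


# Constructed sample repertoire; the order is the order of attempts.
REPERTOIRE = [
    "SSL_RSA_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    selector = CipherSuiteSelector(REPERTOIRE)
    qm = queue_manager("SSL_RSA_WITH_3DES_EDE_CBC_SHA")
    print(selector.connect("MyWMQServer", qm))   # first connect: two rejections, then success
    print(selector.connect("MyWMQServer", qm))   # cached suite succeeds immediately
    qm = queue_manager("SSL_RSA_WITH_AES_256_CBC_SHA")
    print(selector.connect("MyWMQServer", qm))   # stale cache costs one rejected handshake
```

A repertoire that contains only the suite configured on the queue manager side connects on the first attempt every time, with no rejected handshakes.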
When transport security is enabled, the transport chain used for connections to WebSphere MQ must be a permitted chain; otherwise, it is not possible to establish a connection to WebSphere MQ.