IBM Support

IBM MQ and SSL/TLS Demystified Part 1: Troubleshooting MQ Certificate Issues

White Papers


Abstract

The objective of this technical document is to provide information on Troubleshooting IBM MQ SSL/TLS issues.
In this Part 1, we will deal specifically with SSL Keystore and certificate issues.

Content

Table of Contents:

Overview:
Part 1 - Troubleshooting MQ certificate issues
Some MQ SSL Basics
SSL Server/Client
A simplistic view of a certificate
Basic MQ Management commands
Simplified MQ certificate process
Troubleshooting Keystore/Certificate issues
I - Certificate keystore exists and is valid/accessible
II - Certificates exist, Certificate names are correct
III - Certificate chain to a CA Root certificate exists and is valid
IV - Certificates are marked as "Trusted"
V - Certificate dates are good.
VI - Certificates are not revoked.
VII - Remote certificate passed during SSL negotiation is validated.
VIII – Ensure the correct signer certificates were exchanged
+++ See attached PDF file:
++ Additional Information:
tags: "MQ SSL"; "MQ TLS"; MQSSL; MQTLS
+++ end +++

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
26 October 2023

UID

swg27048145