Message Channel Agent (MCA) interception
MCA interception enables a queue manager running under IBM® WebSphere® MQ to selectively enable policies to be applied for server connection channels.
MCA interception allows clients that remain outside IBM WebSphere MQ AMS to still be connected to a queue manager and their messages to be encrypted and decrypted.
MCA interception is intended to provide IBM WebSphere MQ AMS capability when IBM WebSphere MQ AMS cannot be enabled at the client. Note that using MCA interception and an IBM WebSphere MQ AMS-enabled client leads to double-protection of messages which might be problematic for receiving applications.
If a 2085 (MQRC_UNKNOWN_OBJECT_NAME) error is reported if you are using a Version 7.5 or later client to connect to a queue manager from an earlier version of the product, you need to disable IBM WebSphere MQ Advanced Message Security at the client. For more information, see Disabling IBM WebSphere MQ Advanced Message Security at the client.
Keystore configuration file
By default, the keystore configuration file for MCA interception is
keystore.conf
and is located in the .mqs directory in the HOME
directory path of the user who started the queue manager or the listener. The keystore can also be
configured by using the MQS_KEYSTORE_CONF environment variable. For more information about
configuring the IBM WebSphere MQ AMS keystore,
see Using keystores and certificates.
To enable MCA interception, you must provide the name of a channel that you want to use in the keystore configuration file. For MCA interception, only a cms keystore type can be used.
For an example of setting up MCA interception, see IBM WebSphere MQ AMS MCA interception example.