IBM MQ 8.0 was EOS 30th April 2020.Click EOS notice for more details
Connecting two queue managers using one-way authentication
Follow these sample instructions to modify a system with mutual authentication to allow a queue manager to connect using one-way authentication to another; that is, when the SSL or TLS client does not send a certificate.
Optional:
On QM1, if any SSL or TLS channels have run previously, refresh the SSL or TLS environment , as described in Refreshing the SSL or TLS environment.
Key repositories and channels are changed as illustrated in Figure 1
If the sender channel was not running, start it.
Note: If the sender channel was running and you issued the REFRESH SECURITY TYPE(SSL) command (in step 2), the channel restarts automatically.
At the server end of the channel, the presence of the peer name parameter value on the channel status display indicates that a client certificate has flowed.
Verify that the task has been completed successfully by issuing some DISPLAY commands.
If the task was successful, the resulting output is similar to that shown in the following examples:
From the QM1 queue manager, enter the following command:
DISPLAY CHS(TO.QM2) SSLPEER SSLCERTI
The resulting output will be similar to the following
example:
On QM2, the SSLPEER field is empty, showing that QM1
did not send a certificate. On QM1, the value of SSLPEER matches that
of the DN in QM2's personal certificate.