Message Channel Agent (MCA) interception
MCA interception enables a queue manager running under IBM® MQ to selectively enable policies to be applied for server connection channels.
MCA interception allows clients that remain outside IBM MQ Advanced Message Security to still be connected to a queue manager and their messages to be encrypted and decrypted.
MCA interception is intended to provide IBM MQ AMS capability when IBM MQ AMS cannot be enabled at the client. Note that using MCA interception and an IBM MQ AMS-enabled client leads to double-protection of messages which might be problematic for receiving applications. For more information, see Disabling Advanced Message Security at the client.
Keystore configuration file
By default, the keystore configuration file for MCA interception is
keystore.conf
and is located in the .mqs directory in the HOME
directory path of the user who started the queue manager or the listener. The keystore can also be
configured by using the MQS_KEYSTORE_CONF environment variable. For more information about
configuring the IBM MQ AMS keystore, see Using keystores and certificates.
To enable MCA interception, you must provide the name of a channel that you want to use in the keystore configuration file. In the specific case of MCA Interception, only a cms keystore type can be used.
For an example on setting up MCA interception, see IBM MQ Advanced Message Security MCA interception example.
If your enterprise uses IBM i, and you selected a commercial Certificate Authority (CA) to sign your certificate, the Digital Certificate Manager creates a certificate request in PEM (Privacy-Enhanced Mail) format. You must forward the request to your chosen CA.
channelname
:
pem.certificate.channel.<channelname>