SSL properties
Use SSL or TLS withIBM® MQ and IBM MQ Managed File Transfer to prevent unauthorized connections between agents and queue managers, and to encrypt message traffic between agents and queue managers.
For information about using SSL with IBM MQ Managed File Transfer, see Configuring SSL or TLS encryption for IBM MQ Managed File Transfer.
For IBM WebSphere® MQ V7.5 or later, there is the ability for environment variables to be used in some Managed File Transfer properties that represent file or directory locations. This allows the locations of files or directories that are used when running parts of the product to vary depending on environment changes, such as which user is running the process. For more information, see The use of environment variables in IBM MQ Managed File Transfer properties.
| Property name | Description | Default value |
|---|---|---|
| agentSslCipherSpec | Specifies the protocol, hash algorithm, and encryption algorithm that is
used, and how many bits are used in the encryption key, when data is exchanged between the agent and
the agent queue manager.
The value of agentSslCipherSpec is a CipherSpec name. This CipherSpec name is the same as the CipherSpec name used on the agent queue manager channel. A list of valid CipherSpec names is included in SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for Java and SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS. agentSslCipherSpec is similar to agentSslCipherSuite. If both agentSslCipherSuite and agentSslCipherSpec are specified, the value of agentSslCipherSpec is used. |
None |
| agentSslCipherSuite | Specifies SSL aspects of how the agent and
the agent queue manager exchange data. The value of agentSslCipherSuite is a CipherSuite name. The CipherSuite name maps to the CipherSpec name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings. agentSslCipherSuite is similar to agentSslCipherSpec. If both agentSslCipherSuite and agentSslCipherSpec are specified, the value of agentSslCipherSpec is used. |
None |
| agentSslPeerName | Specifies a distinguished name skeleton that must match the name that is provided by the agent queue manager. The distinguished name is used to check the identifying certificate that is presented by the queue manager on connection. | None |
| agentSslTrustStore | Specifies the location of the certificates
that the agent trusts. The value of agentSslTrustStore is a file path.
If it is a Windows file path
the backslash character (\) must be escaped (\\). For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| agentSslKeyStore | Specifies the location of the private key
of the agent. The value of agentSslKeyStore is a file path. If it
is a Windows file path the
backslash character (\) must be escaped (\\). This property is only
required if the agent queue manager requires client authentication. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| agentSslFipsRequired | Specifies that you want to enable FIPS support at the level of the agent. The value of this property can be true or false. For more information, see FIPS support. | false |
| agentSslKeyStoreType | The type of SSL keystore you want to use. JKS and PKCS#12 keystores are supported. The value of this property can be either jks or pkcs12. | jks |
| agentSslKeyStoreCredentialsFile | The path to the file that contains the agentSslKeyStore
credential. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| agentSslTrustStoreType | The type of SSL keystore you want to use. JKS and PKCS#12 keystores are supported. The value of this property can be either jks or pkcs12. | jks |
| agentSslTrustStoreCredentialsFile | The path to the file that contains the agentSslTrustStore
credential. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| Property name | Description | Default value |
|---|---|---|
| coordinationSslCipherSpec | Specifies the protocol, hash algorithm, and encryption algorithm that is
used, and how many bits are used in the encryption key, when data is exchanged between the commands
and the coordination queue manager. The value of coordinationSslCipherSpec is a CipherSpec name. This CipherSpec name is the same as the CipherSpec name used on the coordination queue manager channel. A list of valid CipherSpec names is included in SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for Java and SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS. coordinationSslCipherSpec is similar to coordinationSslCipherSuite. If both coordinationSslCipherSuite and coordinationSslCipherSpec are specified, the value of coordinationSslCipherSpec is used. |
None |
| coordinationSslCipherSuite | Specifies SSL aspects of how the commands
and the coordination queue manager exchange data. The value of coordinationSslCipherSuite is a CipherSuite name. The CipherSuite name maps to the CipherSpec name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings. coordinationSslCipherSuite is similar to coordinationSslCipherSpec. If both coordinationSslCipherSuite and coordinationSslCipherSpec are specified, the value of coordinationSslCipherSpec is used. |
None |
| coordinationSslPeerName | Specifies a distinguished name skeleton that must match the name that is provided by the coordination queue manager. The distinguished name is used to check the identifying certificate that is presented by the coordination queue manager on connection. | None |
| coordinationSslTrustStore | Specifies the location of the certificates
that the commands trust. The value of coordinationSslTrustStore is
a file path. If it is a Windows file path, the backslash character (\) must be escaped (\\). For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| coordinationSslTrustStoreType | The type of SSL keystore you want to use. JKS and PKCS#12 keystores are supported. The value of this property can be either jks or pkcs12. | jks |
| coordinationSslTrustStoreCredentialsFile | The path to the file that contains the coordinationSslTrustStore
credentials. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| coordinationSslKeyStore | Specifies the location of the private key
of the commands. The value of coordinationSslKeyStore is a file path.
If it is a Windows file path,
the backslash character (\) must be escaped (\\). This property is
only required if the coordination queue manager requires client authentication. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| coordinationSslKeyStoreType | The type of SSL keystore you want to use. JKS and PKCS#12 keystores are supported. The value of this property can be either jks or pkcs12. | jks |
| coordinationSslKeyStoreCredentialsFile | The path to the file that contains the coordinationSslKeyStore
credentials. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| coordinationSslFipsRequired | Specifies that you want to enable FIPS support at the level of the coordination queue manager. The value of this property can be true or false. For more information, see FIPS support. | false |
| Property name | Description | Default value |
|---|---|---|
| connectionSslCipherSpec | Specifies the protocol, hash algorithm, and encryption algorithm that is
used, and how many bits are used in the encryption key, when data is exchanged between the commands
and the command queue manager. The value of connectionSslCipherSpec is a CipherSpec name. This CipherSpec name is the same as the CipherSpec name used on the command queue manager channel. A list of valid CipherSpec names is included in SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for Java and SSL/TLS CipherSpecs and CipherSuites in IBM MQ classes for JMS. connectionSslCipherSpec is similar to connectionSslCipherSuite. If both connectionSslCipherSuite and connectionSslCipherSpec are specified, the value of connectionSslCipherSpec is used. |
None |
| connectionSslCipherSuite | Specifies SSL aspects of how the commands
and the command queue manager exchange data. The value of connectionSslCipherSuite is a CipherSuite name. The CipherSuite name maps to the CipherSpec name used on the agent queue manager channel. For more information, see CipherSuite and CipherSpec name mappings. connectionSslCipherSuite is similar to connectionSslCipherSpec. If both connectionSslCipherSuite and connectionSslCipherSpec are specified, the value of connectionSslCipherSpec is used. |
None |
| connectionSslPeerName | Specifies a distinguished name skeleton that must match the name that is provided by the command queue manager. The distinguished name is used to check the identifying certificate that is presented by the command queue manager on connection. | None |
| connectionSslTrustStore | Specifies the location of the certificates
that the commands trust. The value of connectionSslTrustStore is a
file path. If it is a Windows file path, the backslash character (\) must be escaped (\\). For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| connectionSslTrustStoreType | The type of SSL truststore you want to use. JKS and PKCS#12 keystores are supported. The value of this property can be either jks or pkcs12. | jks |
| connectionSslTrustStoreCredentialsFile | The path to the file that contains the connectionSslTrustStore
credentials. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| connectionSslKeyStore | Specifies the location of the private key
of the commands. The value of connectionSslKeyStore is a file path.
If it is a Windows file path,
the backslash character (\) must be escaped (\\). This property is
only required if the command queue manager requires client authentication. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
None |
| connectionSslKeyStoreType | The type of SSL keystore you want to use.
JKS and PKCS#12 keystores are supported. The value of this property
can be either jks or pkcs12. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
jks |
| connectionSslKeyStoreCredentialsFile | The path to the file that contains the connectionSslKeyStore
credentials. For IBM WebSphere MQ V7.5 or later, the value of this property can contain environment variables. |
The default value for this property is %USERPROFILE%\MQMFTCredentials.xml on Windows, f:/adxetc/mft75/mqft/config/mqmftcredentials.xml on IBM 4690, and $HOME/MQMFTCredentials.xml on other platforms. |
| connectionSslFipsRequired | Specifies that you want to enable FIPS support at the level of the command queue manager. The value of this property can be true or false. For more information, see FIPS support. | false |