Setting up communications for SSL or TLS on IBM i
Secure communications that use the SSL or TLS cryptographic security protocols involve setting up the communication channels and managing the digital certificates that you will use for authentication.
To set up your SSL or TLS installation you must define your channels to use SSL or TLS. You must also create and manage your digital certificates. On some operating systems, you can perform the tests with self-signed certificates. However, on IBM® i, you must use personal certificates signed by a local CA.
For full information about creating and managing certificates, see Working with SSL or TLS on IBM i.
This collection of topics introduces some of the tasks involved in setting up SSL or TLS communications, and provides step-by-step guidance on completing those tasks.
You might also want to test SSL or TLS client authentication, which is an optional part of the SSL and TLS protocols. During the SSL or TLS handshake, the SSL or TLS client always obtains and validates a digital certificate from the server. With the IBM MQ implementation, the SSL or TLS server always requests a certificate from the client.
- For a queue manager, ibmwebspheremq followed by the name of your queue manager changed to lowercase. For example, for QM1, ibmwebspheremqqm1.
- For an IBM MQ C Client for IBM i, ibmwebspheremq followed by your logon user ID changed to lowercase, for example ibmwebspheremqmyuserid.

ibmwebspheremq prefix on a label to avoid confusion with certificates for other products. Ensure that you specify the entire certificate label in lowercase.

The SSL or TLS server always validates the client certificate if one is sent. If the SSL or TLS client does not send a certificate, authentication fails only if the end of the channel acting as the SSL or TLS server is defined with either the SSLCAUTH parameter set to REQUIRED or an SSLPEER parameter value set. For more information, see Connecting two queue managers using SSL or TLS.
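The label format and the SSLCAUTH/SSLPEER rule above can be checked mechanically. The following is an added example, not IBM code: it lints certificate labels and lists channels on which a client that sends no certificate would still authenticate. The function names and the sample channel definitions are constructed for illustration, and each definition is assumed to show SSLCAUTH explicitly.

```python
import re

PREFIX = "ibmwebspheremq"

def expected_label(name):
    """Label for a queue manager name or a client logon user ID."""
    return PREFIX + name.lower()

def label_problems(label, name):
    """Reasons a certificate label does not match the expected format."""
    problems = []
    if label != label.lower():
        problems.append("label contains uppercase characters")
    if not label.lower().startswith(PREFIX):
        problems.append("label lacks the ibmwebspheremq prefix")
    elif label.lower() != expected_label(name):
        problems.append("label does not end with the lowercase owner name")
    return problems

def parse_attrs(mqsc):
    """Extract KEYWORD(value) pairs from one channel definition."""
    pairs = re.findall(r"(\w+)\(([^)]*)\)", mqsc)
    return {key.upper(): value.strip("'").strip() for key, value in pairs}

def accepts_client_without_cert(attrs):
    """True when a client that sends no certificate still authenticates:
    SSLCAUTH is not REQUIRED and no SSLPEER value is set."""
    if "SSLCAUTH" not in attrs:
        # Do not guess an inherited default; ask for the full definition.
        raise ValueError("SSLCAUTH not shown for " + attrs.get("CHANNEL", "?"))
    required = attrs["SSLCAUTH"].upper() == "REQUIRED"
    return not (required or attrs.get("SSLPEER", "") != "")

# Constructed sample definitions, not taken from the page.
CHANNELS = [
    "DEFINE CHANNEL(TO.QM1) CHLTYPE(RCVR) SSLCAUTH(REQUIRED)",
    "DEFINE CHANNEL(APP.SVRCONN) CHLTYPE(SVRCONN) SSLCAUTH(OPTIONAL) SSLPEER('CN=app1')",
    "DEFINE CHANNEL(LEGACY.SVRCONN) CHLTYPE(SVRCONN) SSLCAUTH(OPTIONAL)",
]

def channels_without_client_auth(definitions):
    """Names of channels on which a missing client certificate is accepted."""
    parsed = [parse_attrs(d) for d in definitions]
    return [a["CHANNEL"] for a in parsed if accepts_client_without_cert(a)]

if __name__ == "__main__":
    print(label_problems("ibmwebspheremqQM1", "QM1"))
    print(channels_without_client_auth(CHANNELS))
```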