This will give you the label of the certificates in the jks. Ikeycmd -cert -list -db "client.jks" -pw clientpass To check that the certificate is in the jks In our case ‘ibmwebspheremqbob’ since our user is called Bob This has to be in the form of: ‘ibmwebspheremq’ + ‘client username’ (all lower case) One thing to note here is the label for the client certificate. Ikeycmd -cert -create -db "client.jks" -pw clientpass -label ibmwebspheremqbob -dn "CN=bob,OU=bob,O=Bobs Company,C=SE" -expire 365 Ikeycmd -keydb -create -db "client.jks" -pw clientpass -type jks Time to create the client certificate and place it into a jksįor this I am going to use the ikeycmd program shipped with MQ (/java/jre64/jre/bin/ikeycmd)
Setmqaut -m MYQM01 -t queue -n MYQUEUE -p bob -all +put +getĬonnect and inquiry for the queue manager and get and put on our example queue.Ĭ. Setmqaut -m MYQM01 -t qmgr -p bob -all +connect +inq I am here going to use the setmqaut program but you can also use MQExplorer if you like a GUI more Now we need to grant this user some basic privileges * Bob does not need login privileges on OS level (/sbin/nologin)ī. * Bob should NOT be a member of the mqm group since it would make him a privileged user (and privileged users are blocked by default) * Bob needs to be created on OS level since this is what IBM MQ uses to authorise users Create a new user that the client can use to connect with. Time to start creating the user to use for thisĪ.
IBM MQ CLIENT 7.0.1.9 CODE
The source code for the Java client can be found below. I’m going to use self-signed certificates in this example to eliminate any certificate chain problems. This time it is for connecting to IBM MQ with a Java client over SSL.