Prerequisites for adding IBM MQ monitor via SSL

Prerequisites for adding IBM MQ monitor via SSL

To add the IBM monitor via SSL, please follow the required steps given below with respect to authentication type:

SSL Authentication is optional (One-way SSL)

If SSL Authentication is optional (One-way SSL), you need to load the MQ server's CA certificate to Applications Manager. Below are the steps to do so:
  1. Using IBM Key Manager Tool or runmqckm commands, load the MQ Server CA certificate to Applications Manager Truststore.
  2. Under IBM Key Manager Tool, open the IBM MQ Keystore.
  3. Under Personal certificates, select the certificate and click on Extract Certificate.
  4. Select Binary DER format and click on OK.
  5. If using commands, execute the following command:

    runmqckm -cert -extract -db filename -pw password -label label -target filename -format ascii

The certificate will now be created at the location specified.
  1. Now add the certificate to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  2. Select the Certificate option and choose apm.keystore as the truststore. Then select the certificate by clicking on Choose files button and click Import.

SSL Authentication is required (Two-way SSL)

If SSL Authentication is required (Two-way SSL), you need to load the MQ server's Certificate Keystore to Applications Manager. Below are the steps to do so:
  • Using IBM Key Manager Tool or runmqckm commands, load the MQ Server certificate keystore to Applications Manager Truststore.
  • Under IBM Key Manager Tool, open the IBM MQ Keystore.
  • Under Personal certificates, select the certificate and click on Export/Import.
  • Select Export key and select Key file type as JKS. Click OK.
  • If using commands, execute the following command:

    runmqckm -cert -export -db dbname -pw password -label label -type cms -target filename -target_pw password -target_type jks

The certificate keystore will be created now at the location specified.
  • Now add the keystore to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  • Select the Keystore/Truststore and choose apm.keystore as the truststore. Then select the JKS keystore by clicking on Choose file button, provide the password and click on Fetch certificate.
  • The certificates will be listed. Select the certificate and click on Import Certificate.
Finally, specify the Cipherspec used by the channel in the SSL Cipher Spec field in the Add Monitor page of the IBM WebSphere MQ monitor. 
Note: Elliptic curve certificate cannot be used with RSA ciphers and vice-versa. For more information, refer here 



      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products