Prerequisites for adding IBM MQ monitor via SSL

Prerequisites for adding IBM MQ monitor via SSL

To add the IBM monitor via SSL, please follow the required steps given below with respect to authentication type:

SSL Authentication is optional (One-way SSL)

If SSL Authentication is optional (One-way SSL), you need to load the MQ server's CA certificate to Applications Manager. Below are the steps to do so:
  1. Using IBM Key Manager Tool or runmqckm commands, load the MQ Server CA certificate to Applications Manager Truststore.
  2. Under IBM Key Manager Tool, open the IBM MQ Keystore.
  3. Under Personal certificates, select the certificate and click on Extract Certificate.
  4. Select Binary DER format and click on OK.
  5. If using commands, execute the following command:

    runmqckm -cert -extract -db filename -pw password -label label -target filename -format ascii

The certificate will now be created at the location specified.
  1. Now add the certificate to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  2. Select the Certificate option and choose apm.keystore as the truststore. Then select the certificate by clicking on Choose files button and click Import.

SSL Authentication is required (Two-way SSL)

If SSL Authentication is required (Two-way SSL), you need to load the MQ server's Certificate Keystore to Applications Manager. Below are the steps to do so:
  • Using IBM Key Manager Tool or runmqckm commands, load the MQ Server certificate keystore to Applications Manager Truststore.
  • Under IBM Key Manager Tool, open the IBM MQ Keystore.
  • Under Personal certificates, select the certificate and click on Export/Import.
  • Select Export key and select Key file type as JKS. Click OK.
  • If using commands, execute the following command:

    runmqckm -cert -export -db dbname -pw password -label label -type cms -target filename -target_pw password -target_type jks

The certificate keystore will be created now at the location specified.
  • Now add the keystore to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  • Select the Keystore/Truststore and choose apm.keystore as the truststore. Then select the JKS keystore by clicking on Choose file button, provide the password and click on Fetch certificate.
  • The certificates will be listed. Select the certificate and click on Import Certificate.
Finally, specify the Cipherspec used by the channel in the SSL Cipher Spec field in the Add Monitor page of the IBM WebSphere MQ monitor. 
Note: Elliptic curve certificate cannot be used with RSA ciphers and vice-versa. For more information, refer here 
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                  See all integrations
                  New to ADManager Plus?

                    New to ADSelfService Plus?

                    Start your free trial

                      • Related Articles

                      • I am getting "Unable to connect via SSL" error. What could be the reason ?

                        Please check if you have followed the prerequisites for adding IBM Websphere MQ monitor via SSL.   "Unable to connect via SSL" error could occur due to following reasons : SSL is enabled for the channel, but SSL Enabled option is not selected in ...

                      • LDAP - Unable to find valid SSL Certificate

                        If there is an error while adding LDAP Server Monitor with the message "Unable to find valid SSL Certificate", then please try the below steps to troubleshoot the issue. When the error occurs we can find the below traces in the "stderr.txt.*" log ...

                      • Best Practices in adding Microsoft 365 monitor

                        From Applications Manager version 16300 onwards, Microsoft 365 monitor will use Microsoft Graph API as the primary mode of data collection. We have migrated from PowerShell to Graph API as Microsoft 365 PowerShell commands were taking more time to ...

                      • What are the prerequisites required to monitor 'Top 10 Queries By CPU' in PostgreSQL monitor?

                        1. Include the below lines in postgrsql.conf file located in <Data DIRECTORY>: shared_preload_libraries = 'pg_stat_statements' pg_stat_statements.track = all 2. Execute the below commands in psql shell: CREATE EXTENSION pg_stat_statements; 3. Restart ...

                      • Troubleshooting URL Monitor

                        Here are few of the common errors you may come across in URL monitor, we have mentioned the steps you can follow to troubleshoot them. General troubleshooting for URL monitor Ensure that the URL is accessible from the server in which Applications ...

                        Related Products