Prerequisites for adding IBM MQ monitor via SSL

To add the IBM MQ monitor via SSL, follow the steps below for the authentication type in use:

SSL Authentication is optional (One-way SSL)

If SSL Authentication is optional (One-way SSL), you need to load the MQ server's CA certificate into Applications Manager. The steps are as follows:
  1. Using the IBM Key Manager Tool or runmqckm commands, load the MQ Server CA certificate into the Applications Manager truststore.
  2. In the IBM Key Manager Tool, open the IBM MQ Keystore.
  3. Under Personal certificates, select the certificate and click Extract Certificate.
  4. Select Binary DER format and click OK.
  5. If using commands, execute the following command:

    runmqckm -cert -extract -db filename -pw password -label label -target filename -format ascii

The certificate will now be created at the location specified.
  6. Now add the certificate to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  7. Select the Certificate option and choose apm.keystore as the truststore. Then select the certificate by clicking the Choose files button and click Import.

SSL Authentication is required (Two-way SSL)

If SSL Authentication is required (Two-way SSL), you need to load the MQ server's certificate keystore into Applications Manager. The steps are as follows:
  • Using the IBM Key Manager Tool or runmqckm commands, load the MQ Server certificate keystore into the Applications Manager truststore.
  • In the IBM Key Manager Tool, open the IBM MQ Keystore.
  • Under Personal certificates, select the certificate and click Export/Import.
  • Select Export key and select Key file type as JKS. Click OK.
  • If using commands, execute the following command:

    runmqckm -cert -export -db dbname -pw password -label label -type cms -target filename -target_pw password -target_type jks

The certificate keystore will now be created at the location specified.
  • Now add the keystore to Applications Manager by navigating to Admin -> Manage Certificates -> Trust Certificates in the Applications Manager console.
  • Select the Keystore/Truststore and choose apm.keystore as the truststore. Then select the JKS keystore by clicking the Choose file button, provide the password, and click Fetch certificate.
  • The certificates will be listed. Select the certificate and click Import Certificate.

Finally, specify the CipherSpec used by the channel in the SSL Cipher Spec field on the Add Monitor page of the IBM WebSphere MQ monitor.

Note: An elliptic curve certificate cannot be used with RSA ciphers, and vice versa. For more information, refer here
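
The key-type rule in the note above can be checked on the extracted certificate before the monitor is added. The script below is an added example, not ManageEngine or IBM code: the function names are hypothetical, it assumes `openssl` is installed, and it classifies only common IBM MQ TLS 1.2/1.3 CipherSpec names, reporting anything else as undecided.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; file and CipherSpec are your own.

# Which certificate key type does a CipherSpec name require?
cipherspec_family() {
  case "$1" in
    *ECDHE_ECDSA_*)                    echo ec ;;
    *ECDHE_RSA_*|TLS_RSA_WITH_*)       echo rsa ;;
    TLS_AES_*|TLS_CHACHA20_*|ANY_TLS*) echo any ;;     # TLS 1.3 suites and aliases
    *)                                 echo unknown ;; # assumption: not classified here
  esac
}

# Public-key type of a certificate file, ascii (PEM) or binary DER.
cert_key_family() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then fmt=PEM; else fmt=DER; fi
  alg=$(openssl x509 -inform "$fmt" -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p')
  case "$alg" in
    rsaEncryption)  echo rsa ;;
    id-ecPublicKey) echo ec ;;
    *)              echo unknown ;;
  esac
}

# 0 = usable pairing, 1 = mismatch, 2 = cannot decide.
families_compatible() {   # $1 = certificate family, $2 = CipherSpec family
  case "$1:$2" in
    unknown:*|*:unknown)          return 2 ;;
    rsa:rsa|ec:ec|rsa:any|ec:any) return 0 ;;
    *)                            return 1 ;;
  esac
}

check_cert_for_cipherspec() {   # $1 = certificate file, $2 = CipherSpec name
  families_compatible "$(cert_key_family "$1")" "$(cipherspec_family "$2")"
}

# Command-line use: sh check.sh <certificate-file> <CipherSpec>
if [ "$#" -eq 2 ]; then
  if check_cert_for_cipherspec "$1" "$2"; then
    echo "OK: certificate key type matches $2"
  else
    echo "Mismatch or undecided (rc=$?) for $2"
  fi
fi
```

A return code of 2 means the script could not classify the certificate or the CipherSpec, so that pairing has to be confirmed by hand.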

