Does CA Gen using IBM WebSphere MQ support secure Java client->server communications (SSL/TLS)

Document ID : KB000115638
Last Modified Date : 25/09/2018
Show Technical Document Details
Question:
Does CA Gen using IBM WebSphere MQ support secure Java client->server communications (SSL/TLS)?
Environment:
CA Gen 8.5, 8.6
Answer:
CA Gen using IBM WebSphere MQ does support secure Java client->server communications (SSL/TLS).
The current supported method to achieve this is by setting the MQ environment variable CMQC.SSL_CIPHER_SUITE_PROPERTY to the required CipherSuite.
NOTE: WebSphere MQ itself handles all of the required TLS communications requirement with configuration settings and certificate and there is no extra requirement on the Gen side.
Additional Information:
1. Enabling TLS in IBM MQ classes for Java: 
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.dev.doc/q031220_.html
NOTE:
To connect successfully using TLS, the client JSSE truststore must be set up with certificate authority root certificates from which the certificate presented by the queue manager can be authenticated. Similarly, if SSLClientAuth on the SVRCONN channel has been set to MQSSL_CLIENT_AUTH_REQUIRED, the JSSE keystore must contain an identifying certificate that is trusted by the queue manager.

2. Using SSL TLS to connect two MQ queue managers in MQ 7.5 and MQ 8.0 / MQ 9.0 using self-signed certificates (IBM Techdoc: 7048223):
https://www-01.ibm.com/support/docview.wss?uid=swg27048223&aid=1