IBM: MQ and SSL/TLS Demystified Part 1: Troubleshooting MQ Certificate Issues by Mike Cregger, IBM

Print

IBM White paper

 

Abstract

 

The objective of this technical document is to provide information on Troubleshooting MQ SSL/TLS issues. In this Part 1, we will deal specifically with SSL Keystore and certificate issues.

 

Content

 

Table of Contents:

Overview:
Part 1 - Troubleshooting MQ certificate issues
Some MQ SSL Basics
SSL Server/Client
A simplistic view of a certificate
Basic MQ Management commands
Simplified MQ certificate process
Troubleshooting Keystore/Certificate issues
I - Certificate keystore exists and is valid/accessible
II - Certificates exist, Certificate names are correct
III - Certificate chain to a CA Root certificate exists and is valid
IV - Certificates are marked as "Trusted"
V - Certificate dates are good.
VI - Certificates are not revoked.
VII - Remote certificate passed during SSL negotiation is validated.
VIII – Ensure the correct signer certificates were exchanged
Diagnostics to collect if IBM support needed: (for SSL keystore/certificate issue)
Related Links and Information

 

Techdoc-7048145-MQ-SSL-Part1-Certificates1a.pdf