Websphere MQ with Java 7 SSL Connectivity Guide
SSL Connectivity Guide
Make sure SSL is properly configured on your WMQ server. Best way is by checking connectivity using latest IBM Websphere MQ Explorer.
IMPORTANT: Currently, we were only able to get SSL working with IBM JRE 1.7 and JDK 1.7. Oracle JDK 1.7 and 1.8 are not working.
Easy way (IBM JRE 1.7):
- The easiest way to get Qflex working with SSL is by installing IBM JRE 1.7 and set JRE_HOME environment variable.
NOTE: There is no Windows version of IBM JRE and windows users should extract JRE from IBM Websphere MQ Explorer installation (Example: C:\Program Files\IBM\WebSphere MQ Explorer\jre\jre\) or simply set JRE_HOME variable to the existing JRE.
Hard Way (IBM JDK 1.7):
Turns out, unlike JDK, IBM JRE contains an extended set of security providers.
- Copy missing security jars and add them to java.security file.
- Check “jdk.certpath.disabledAlgorithms” key in java.security file. Perhaps it has to be modified to confirm to your selected Cipher Suite.
- Check granted permissions in java.policy and javaws.policy files.
- For information purposes, add following entry in Qflex startup.bat/startup.sh to enable SSL handshake logging: SET IBM_JAVA_OPTIONS=-Djavax.net.debug=true