Qflex 4

Websphere MQ with Java 7 SSL Connectivity Guide

SSL Connectivity Guide

Make sure SSL is properly configured on your WMQ server. Best way is by checking connectivity using latest IBM Websphere MQ Explorer.

IMPORTANT: Currently, we were only able to get SSL working with IBM JRE 1.7 and JDK 1.7. Oracle JDK 1.7 and 1.8 are not working.

Easy way (IBM JRE 1.7):

  1. The easiest way to get Qflex working with SSL is by installing IBM JRE 1.7 and set JRE_HOME environment variable.

NOTE: There is no Windows version of IBM JRE and windows users should extract JRE from IBM Websphere MQ Explorer installation (Example: C:\Program Files\IBM\WebSphere MQ Explorer\jre\jre\) or simply set JRE_HOME variable to the existing JRE.

Hard Way (IBM JDK 1.7):
Turns out, unlike JDK, IBM JRE contains an extended set of security providers.

  1. Copy missing security jars and add them to java.security file.
  2. Check “jdk.certpath.disabledAlgorithms” key in java.security file. Perhaps it has to be modified to confirm to your selected Cipher Suite.
  3. Check granted permissions in java.policy and javaws.policy files.
  4. For information purposes, add following entry in Qflex startup.bat/startup.sh to enable SSL handshake logging: SET IBM_JAVA_OPTIONS=-Djavax.net.debug=true