MQ

 View Only

New MQ on Cloud Queue Managers now have TLS Enabled on Predefined Channels

By James McGuire posted Thu March 25, 2021 06:34 AM

  
Ensuring security in any cloud based software service is always of maximum importance. MQ on Cloud is continually working on maintaining a reliable and secure environment, and as part of our continual rollout of queue manager upgrades we are always looking for ways of improving the experience for our users, and ensuring security of queue managers and data is never compromised.

TLS security will now be enabled by default on both of the predefined application channels on all new MQ on Cloud queue managers running version 9.2.2 revision 1 or above. The predefined channels CLOUD.ADMIN.SVRCONN and CLOUD.APP.SVRCONN are now configured to use the SSL cipher specification ANY_TLS12_OR_HIGHER. All applications connecting to a queue manager using a TLS enabled channel must trust the Let's Encrypt CA certificate from the queue manager in order to successfully connect. 

To connect using an administration client such as MQ Explorer or runmqsc, you will need some additional configuration to connect via the predefined channels.

Here are links to relevant topics that will walk you through how to connect administrative applications to your cloud queue manager using TLS.


MQ Explorer - https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_remote_ssl_exp_admin


runmqsc - https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_remote_ssl_runmqsc_admin

Connecting an application securely to an MQ on Cloud queue manager requires additional configuration. In the MQ on Cloud documentation, we have provided guides on how to connect an MQ sample application, and examples for how to configure a JMS application using TLS -https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_connect_app_ssl


When configuring additional application channels, it is highly recommended to use TLS channels in order to protect credentials and data between applications and queue managers. It is therefore strongly advised that if you create user defined channels in your MQ on Cloud queue manager to consider enabling TLS on them and following our detailed guides on how to configure your applications to form a secure connection.


Details on how to configure TLS on user defined channels can be found at the following page - https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_configure_chl_ssl

#whatsnew
0 comments
41 views

Permalink