SSL implemented for secure communication over network. For establishing a tunnel between Queue Managers SSL is important. Here used Sha256 algorithm for encryption & decryption.
5. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
SelectIBMKey Managementtool.Before thatopenthe SSLfoldersusingadminaccessinyourfile
system.
CreatingKeydatabase for QM1. The Keydata base containall informationof 3files.Wheneverthe
any additionof fileshappeninginSSLfolderthose details getupdatedinkeydatabase.
7. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
All three files in SSL folder of QM1
We can have CA signedcertificate butforinternal consumptionoreducationpurposeI am using self
signed certificate. So click on “New Self signed”.
8. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
In this pop up window add all details these need to be specified exactly without errors anywhere
when giving SSLPEER values. On sender queue manager QM1 I providing distinguish names.
Then Extracting those file certificate
9. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
After extraction the qm1.arm file can be seen in SSL folder
On DestinationSideQueue Managerwe shouldcreate Keydatabase.So,create new Keydatabase.
Navigate to SSL folder of QM2.
12. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
The creation of .arm file for QM2 destination side can be seen
Now mutually exchange .arm files of both SSL of Source(QM1) to Destination (QM2)
To add the exchangedARMfilestoKeydatabase of SSL.We needtoperformbelow functions.
Opening keydatabase of QM1
13. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
Give password
Click on drop down menu to select Signed Certificate. Click ADD function
Confirmthe pathof QM1 -> SSL->selectqm2.arm
Here inQM1 we are addingqm2.arm file whichisexchangedacrossSSLfolders.
18. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
InQM2 (destinationside) GivingSSLCIPHalgorithm usingALTER
We alsoALTERing channel forgivingSSLCIPHalgorithmonSource side
We needtogive SSLKEYRpath where we don’tmentionthe .kdbfileextensionforsourceside.
22. For educationandinternal consumptionpurposeonly.Thisis meantforOpensource.
By this we successfullyimplementedSSLbetweenTwoQueue Manager where sha256 algorithm
usedfor encryption on both sides.The destinationcertificate detailsis presentinsource side.The
source certificate detailspresentindestinationside.This way securedtunnel for communication
can be established.