Configuring SSL on Streams for WebSphere MQ

If you plan to use WebSphere MQ with Opportunity Detect queue data source connectors, and if you want communication to take place over SSL, follow these guidelines.

Before you begin

These guidelines assume that you have SSL enabled on the WebSphere MQ server and that you have generated all of the required certificates, keystores, and truststores.

Procedure

  1. Add the SSL configuration parameters to the JAVA_TOOl_OPTIONS environment variable in the .bashrc file for the streamsadmin user. The SSL certificate repository must be accessible from all nodes on Streams Runtime.

    For example:

    export JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStore=/opt/mqm/clientkey.kdb

    -Djavax.net.ssl.keyStore=/opt/mqm/clientkey.kdb -Djavax.net.ssl.keyStorePassword=123456

    -Djavax.net.ssl.trustStorePassword=123456 -Djavax.net.ssl.keyStoreType=CMS

    -Djavax.net.ssl.trustStoreType=CMS"

  2. Ensure that the Security Provider is available in the java.security file used by the Streams installation.

    The Streams installation uses the Java package located under the /home/streamsadmin/InfoSphereStreams/java/jre/lib/security directory.