1 Reply Latest reply on Aug 3, 2014 10:48 AM by dgrove_redhat.com

    AS7/EAP6 to WebSphere MQ

    ben__h

      Hi,

       

      Does anyone have any experience with connecting JBoss to WebSphere MQ securely?

       

      IBM's resource adapter documentation has the keystore password set as a system property which makes it trivial to recover, and because of the load order of the modules, there is no way to store this in the vault.

       

      One option might be to have the application set the properties, at which point it might be able to use the vault, however IBM's docs at http://pic.dhe.ibm.com/infocenter/wmqv7/v7r1/index.jsp?topic=%2Fcom.ibm.mq.doc%2Fjm40070_.htm state that the properties cannot be passed as part of the activation spec or in the connection factory.

       

      Other options I'm looking at include IPSEC tunnels and connecting to a local MQ queue manager and then having that handle the SSL.

       

      Thanks,

       

      Ben

        • 1. Re: AS7/EAP6 to WebSphere MQ
          dgrove_redhat.com

          I'm having trouble finding the articles, but you can configure IBM MQ to use SSL.  If you search the IBM sites, there is a Java GUI wizard available that produces a script that will configure an MQ channel to use SSL.  This includes creating the keystores and configuring MQ itself.  Past that, you then need to bring the public keys over to JBoss.  For MDBs, you then also need to include the cipherSuite as part of the activation spec.

           

           

          - Doug