Configuring TLS for managed IBM MQ .NET
Configuring TLS for managed IBM® MQ .NET consists of creating the signer certificates, then configuring the server side, the client side, and the application program.
About this task
To configure TLS, you must first create the appropriate signer certificates. Signer certificates can be either self-signed or certificates provided by a certificate authority. Although self-signed certificates can be used on a development, test or pre-production system, do not use them on a production system. On a production system, use certificates that you have obtained from a trusted external certificate authority (CA).
Procedure
Examples of how to set the TLS protocol and TLS key repository
For Base .NET, you can set the TLS protocol and TLS key repository through the MQEnvironment class as shown in the following example:
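// CipherSpec to use for the TLS connection
MQEnvironment.SSLCipherSpec = "TLS_RSA_WITH_AES_128_CBC_SHA256";
// Key repository that holds the certificates
MQEnvironment.SSLKeyRepository = "*USER";
// The CipherSpec can also be supplied through the properties hashtable
MQEnvironment.properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA256");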
Alternatively, you can set the TLS protocol and TLS key repository by supplying a hashtable as part of the MQQueueManager constructor as shown in the following example.
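// Requires: using System.Collections; using IBM.WMQ;
Hashtable properties = new Hashtable();
// sslKeyRepository is a string that names the key repository, for example "*USER"
properties.Add(MQC.SSL_CERT_STORE_PROPERTY, sslKeyRepository);
properties.Add(MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA256");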
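The hashtable form described above, carried through to the MQQueueManager constructor, as an added example that is not part of the original IBM documentation. The queue manager name, host, port and channel are placeholder assumptions, and the reason-code check is one way to tell a TLS setup failure apart from other connection errors.

```csharp
using System;
using System.Collections;
using IBM.WMQ;

class ManagedTlsConnect
{
    static int Main()
    {
        // Placeholder connection details (assumptions, replace with your own).
        const string queueManagerName = "QM1";
        var properties = new Hashtable
        {
            // This topic covers TLS for the managed client transport.
            { MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_MANAGED },
            { MQC.HOST_NAME_PROPERTY, "mq.example.com" },
            { MQC.PORT_PROPERTY, 1414 },
            { MQC.CHANNEL_PROPERTY, "APP.TLS.SVRCONN" },
            // Key repository and CipherSpec, with the values used on this page.
            { MQC.SSL_CERT_STORE_PROPERTY, "*USER" },
            { MQC.SSL_CIPHER_SPEC_PROPERTY, "TLS_RSA_WITH_AES_128_CBC_SHA256" }
        };

        MQQueueManager queueManager = null;
        try
        {
            // The TLS handshake takes place while the constructor connects.
            queueManager = new MQQueueManager(queueManagerName, properties);
            Console.WriteLine("Connected to {0} over TLS", queueManagerName);
            return 0;
        }
        catch (MQException ex)
        {
            // Flag TLS initialization failures so they are not mistaken for network faults.
            bool tlsInit = ex.ReasonCode == MQC.MQRC_SSL_INITIALIZATION_ERROR;
            Console.Error.WriteLine("Connect failed, reason code {0}{1}", ex.ReasonCode,
                tlsInit ? " (TLS initialization error: check certificates and CipherSpec)" : "");
            return 1;
        }
        finally
        {
            // Release the connection if it was established.
            if (queueManager != null && queueManager.IsConnected)
                queueManager.Disconnect();
        }
    }
}
```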
What to do next
For more information about getting started with developing IBM MQ .NET managed TLS applications, see Writing a simple application.