OutboundSNI property
You can set the OutboundSNI property in an application by using either a property or an environment variable.
From IBM® MQ 9.3.0, you can set the
MQC.OUTBOUND_SNI_PROPERTY in the application, using a hash table when using the
MQQueueManager
class to connect to the queue manager.
- MQC.OUTBOUND_SNI_CHANNEL, which maps to "CHANNEL"
- MQC.OUTBOUND_SNI_HOSTNAME, which maps to "HOSTNAME"
- MQC.OUTBOUND_SNI_ASTERISK, which maps to "
*
"
- CHANNEL
- HOSTNAME
- *
App.config
file, as
with any other mqclient.ini property.- Application level property
- Environment variable
For the OutboundSNI property in unmanaged node, mqclient.ini only is supported.
The properties set in the App.config
file are applicable for .NET Framework applications only.
If you provide a value that is not valid at the application level or in the
App.config
file, the return code MQRC_OUTBOUND_SNI_NOT_VALID is issued.
If you set an environment variable that is not valid, or provide a value that is not valid in the
mqclient.ini file, the default value of CHANNEL
is used.
OutboundSNI and multiple certificates
IBM MQ uses the SNI header to provide multiple certificates functionality. If an application is connecting to an IBM MQ channel that is configured to use a different certificate through the CERTLABL field, then the application must connect with an OutboundSNI setting of CHANNEL.
If an application with an OutboundSNI setting of anything other than CHANNEL connects to a channel with a certificate label configured, the application is rejected with an MQRC_SSL_INITIALIZATION_ERROR, and an AMQ9673 message is printed in the queue manager error logs.
For more information on how IBM MQ provides multiple certificate functionality, see How IBM MQ provides multiple certificates capability .