Usage guide

Prior to using queue-based security, WebSphere MQ Everyplace owned authenticatable entities must have credentials. This is achieved by completing the correct configuration so that auto-registration of queue managers is triggered. This requires the following steps:

  1. Setup and start an instance of WebSphere MQ Everyplace mini-certificate issuance service.
  2. In administration mode, add the name of the queue manager as a valid authenticatable entity, and the entity's one-time-use certificate request PIN.
  3. Start the mini-certificate server in server mode.
  4. Refer to the description in Using qm_create to create ClientQMgr and ServerQMgr instances.

Prior to using message-level security to protect messages using MQeMTrustAttribute, the application must use private registry services to ensure that the initiating and recipient entities have credentials. This requires the following steps:

  1. Setup and start an instance of WebSphere MQ Everyplace mini-certificate issuance service.
  2. In administration mode, add the name of the application entity, and allocate the entity a one-time-use certificate request PIN.
  3. Start the mini-certificate server in server Mode.
  4. Use a program similar to the code fragment below to trigger auto-registration of the application entity . This creates the entity's credentials and saves them in its private registry.
/* SIMPLE MQePrivateRegistry FRAGMENT                              */
		MQePrivateRegistryHndl preg;
		MQERETURN rc;
		MQeExceptBlock exceptBlock;
 
     		/* setup PrivateRegistry parameters                             */
       	rc = mqePrivateRegistry_new(&Block, &preg);
       	rc = mqePrivateRegistry_activate(
			preg,
			&Block,
			MQeString("Bruce"),     /* entity name  */
             	MQeString(".//MQeNode_PrivateRegistry"),	
					/* directory root  */
                  
					MQeString("11111111"), 
	        		/* private reg access PIN     */
              	MQeString("It_is_a_secret"),  
			 		/* private credential keyseed */
              	MQeString("12345678"), 
	       		/* on-time-use Cert Req PIN   */
              MQeString("9.20.X.YYY:8082")); 
			   	/* addr and port MiniCertSvr  */


© IBM Corporation 2000, 2003. All Rights Reserved