Service Virtualization

 View Only

  • 1.  IBM MQ mTLS connectivity

    Posted Jul 07, 2025 09:38 AM

    MQ Infrastructure is using mTLS for all clients and now DevTest needs to connect to MQ infra with mTLS.

    MQ team has provided the certificate from their side and I do have LISA cert as well.  However I am not able to see mTLS option in the protocol option for connectivity and not sure where to use lisa cert for hand shake.

    Can we support mTLS. please suggest. thank you.



  • 2.  RE: IBM MQ mTLS connectivity

    Broadcom Employee
    Posted Jul 08, 2025 07:20 AM
    HI Vinay
             The existing protocols that are part of the SSL Context have the ability to provide a keystore. You could configure a client certificate using a keystore using any of the available protocols and check if Mutual TLS works fine. If there are any issues, we are happy to help.
    image.png

    --

    regards
    Sankar Natarajan


    ------------------------------
    Sankar Natarajan
    Service Virtualization Product Engineering Team
    Broadcom
    ------------------------------



  • 3.  RE: IBM MQ mTLS connectivity

    Posted Jul 08, 2025 09:24 AM

    Thank you Sankar. I provided DevTest cert to MQ team and they have configured the devTest cert.

    I just wanted to understand If I need to also add DevTest cert in MQ configs in order to connect to Queue Manager. Currently I am seeing an error below mentioned.

    Error: Error opening queue manager IBMMQMGR, Completion Code 2 (MQCC_FAILED), Reason Code 2397 (MQRC_JSSE_ERROR)




  • 4.  RE: IBM MQ mTLS connectivity

    Broadcom Employee
    Posted Jul 08, 2025 12:01 PM
    HI Vinay
    PLease open a support case. We will look into it and help you solve
    this problem. This JSSE error typically means mismatch in cipher spec
    configuration between Client and Server.


    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 5.  RE: IBM MQ mTLS connectivity

    Posted Jul 08, 2025 12:45 PM

    Sure Sankar.I will open a support ticket.




  • 6.  RE: IBM MQ mTLS connectivity

    Broadcom Employee
    Posted Jul 08, 2025 08:56 AM
    HI Vinay
    The existing protocols that are part of the SSL Context have the
    ability to provide a keystore. You could configure a client certificate
    using a keystore using any of the available protocols and check if Mutual
    TLS works fine. If there are any issues, we are happy to help.

    [image: image.png]

    --
    regards
    Sankar Natarajan

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.