
How to Encrypt Java SSL Passwords for MIM

Started 10-04-2010 by
Modified 10-04-2010 by

The information in this article applies to:

 

Product:    MIM

Version:    8

Platform:   UNIX, Windows

 

 

Discussion

 

When MIM connects to WebSphere MQ (MQ) as a client, it may be necessary to encrypt data sent over the network. If Client Authentication is enabled on the MQ SVRCONN channel, the Java component (Node Agent/Launcher) using SSL must have access to a password in order to fetch the client certificate that it presents to the MQ queue manager. This password can be passed unencrypted or encrypted. If it is passed unencrypted, it is visible in the nodeagent startup file (product_install_dir/bin) and in the output of the ps command on UNIX.

 

To encrypt the password, a product pack is available for MIM v8.1.8 and a hotfix is available for v8.5.1. The hotfix and product pack allow the user to generate encrypted values and put them in a file that is read in by the Node Agent (v8.5.1) or Launcher (v8.1.8). The Node Agent and Launcher decrypt the password at startup for access to the SSL keystore on the Node. Any Java system properties (-D args to Java) can be encrypted using this method.

 

For MQ SSL, the following properties in nodeagent.bat/sh (v8.5.1) and run.bat/sh (v8.1.8) are candidates for encryption:

 

       -Djavax.net.ssl.keyStorePassword

       -Djavax.net.ssl.trustStorePassword

 

Refer to the hotfix or product pack readme files for more information.
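
The exposure described above can be checked for before and after the hotfix or product pack is applied. The following script is an added example, not part of the original article or the product: it reports which of the two properties still carry a value in a startup file or in the process list, assuming the standard Java `-Dname=value` syntax. The script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Java SSL store passwords passed as plaintext -D arguments.
# Property names come from the article; script and function names are hypothetical.

# Dots are escaped, so this pattern never matches its own text in the ps listing.
PATTERN='-Djavax\.net\.ssl\.(keyStorePassword|trustStorePassword)=[^[:space:]]+'

# Read text on stdin; print "label:property" once per property that has a value.
# The value is stripped before printing, so the report is safe to log.
scan_stream() {
    label=$1
    grep -Eo -e "$PATTERN" |
        sed -E 's/^-D([^=]+)=.*/\1/' |
        sort -u |
        while IFS= read -r prop; do
            printf '%s:%s\n' "$label" "$prop"
        done
}

# Startup script on disk (nodeagent.bat/sh or run.bat/sh).
scan_file() {
    scan_stream "$1" < "$1"
}

# Command lines of all running processes, as other local users can typically list them.
scan_processes() {
    ps -A -o args | scan_stream "ps"
}

# Usage: sh audit_ssl_props.sh <startup-file>...
# Exits 1 if any property is still exposed, 0 otherwise.
if [ "$#" -gt 0 ]; then
    findings=$(for f in "$@"; do scan_file "$f"; done; scan_processes)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    echo "no plaintext keyStorePassword/trustStorePassword found"
fi
```

A finding labelled `ps` means the running Node Agent or Launcher was started with the password on its command line, regardless of what the startup file now contains.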
