+

Search Tips | Advanced Search

Scenario: running MQIPT in SSL/TLS proxy mode

We can run MQIPT in SSL/TLS proxy mode, so that it accepts an SSL/TLS connection request from an IBM MQ SSL/TLS client and tunnels it to a IBM MQ SSL/TLS server.


Before you begin


About this task

Figure 1. SSL/TLS proxy mode network diagram

This diagram shows the connection flow from the IBM MQ client (client1.company1.com on port 1415) through MQIPT to the IBM MQ server (server1.company2.com on port 1414).

For further information on setting up SSL/TLS for IBM MQ, refer to the Security section of the IBM MQ product documentation.


Procedure

To run MQIPT in SSL/TLS proxy mode, complete the following steps:

  1. Edit mqipt.conf and add a new route definition: 
    [route]
ListenerPort=1415
Destination=server1.company2.com
DestinationPort=1414
SSLProxyMode=true
  2. Start MQIPT. Open a command prompt and enter the following command:
    C:\mqipt\bin\mqipt C:\mqiptHome
    where C:\mqiptHome indicates the location of the MQIPT configuration file, mqipt.conf.The following message indicates successful completion: 
    5639-L92 (C) Copyright IBM Corp. 2000, 2017 All Rights Reserved
MQCPI001 IBM MQ Internet Pass-Thru Version 2.1.0.3 starting
MQCPI004 Reading configuration information from C:\mqiptHome\mqipt.conf
MQCPI011 The path C:\mqiptHome\logs will be used to store the log files
MQCPI006 Route 1415 has started and will forward messages to :
MQCPI034 ....server1.company2.com(1414)
MQCPI035 ....using SSLProxyMode
MQCPI078 Route 1415 ready for connection requests
  3. At a command prompt on the IBM MQ client, enter the following commands:
    1. Set the MQSERVER environment variable: 
      SET MQSERVER=MQIPT.CONN.CHANNEL/tcp/10.9.1.2(1415)
    2. Put a message: 
      amqsputc MQIPT.LOCAL.QUEUE MQIPT.QM1
Hello world
      Press Enter twice after typing the message string.
    3. Get the message: 
      amqsgetc MQIPT.LOCAL.QUEUE MQIPT.QM1
      The message, "Hello world" is returned.