BMC Middleware and Transaction Management: How-to setup an agentless qmgr connections using SSL

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Middleware Monitor


    COMPONENT:

    BMC Middleware and Transaction Management


    APPLIES TO:

    BMC Middleware Monitoring 8.0.01 BMC TrueSight Middleware Monitor 8.0.01 BMC TrueSight Middleware Transaction Monitor 8.0.01



    QUESTION:

    How-to setup an agentless qmgr connections using SSL


    ANSWER:

    First you need to define the agentless connection using the agentpref utility:

    Example agentpref command:

     

    agentpref --host <proxyhostname> --port 2612 --set-remote-qmgr-info <qmgrname> SYSTEM.DEF.SVRCONN "ipaddress(listener_port)" CipherSpecName "TLS_RSA_WITH_AES_128_CBC_SHA" KeyRepository "E:\Agent\security\key2"
      
    where set-remote-qmgr-info values are  :                                                                                                                                                          
    ParameterExample ValueDescription
    positional<qmgrname> the queue manager name for the remote qmgr you wish to monitor
    positionalSYSTEM.DEF.SVRCONNthe name of the server conn channel you whish to use (I chose SYSTEM.DEF.SVRCONN by default)
    positional"ipaddress(listener_port)"the hostname/ipaddress of the remote host you wish to monitor and listener_port is the port if the listener on that system
    CipherSpecName"TLS_RSA_WITH_AES_128_CBC_SHA"the cipherspec you wish to use
    KeyRepository"E:\Agent\security\key2"the location/name of the key repository that the proxy agent will use
      


    IMPORTANT:

       you need to create a new keystore in CMS format, import the qmgr certificate as well as the root CA info. Then you can point the KeyRepository parameter to the new keystore. For example, if you were to create a new keystore and named it 'key.kdb', you would import the certs and copy that new keystore to the proxy agent box, into (for example) E:\agent\security\key

    NOTE: you do not need to put the .kdb suffix on the path

     


    Article Number:

    000124943


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles