Status Future consideration
Workspace App Connect
Created by Guest
Created on May 31, 2013

WMB Distinguished Name matching rules

We would like to use SSL mutual authentication on our broker environment. We are using a central (company) CA that both client and server have a connection to. The client has a client certificate; the server a server certificate. Now we would like to specify DN matching rules (which is possible in WebSphere MQ) to specify that only clients with a certificate that matches our rules are allowed access to our https connection.

According to Rao Nanduri:
The default trust manager used by JSSE does not provide any option to distinguish/verify the clients based on specific DN. The authentication will only validate if the certificate is present in the truststore.
Message Broker has an option like host name checking in HTTP nodes which does a check on the distinguished name and the URL, but that doesn't serve the purpose for you.
JSSE Development team indicated that you would need to write your own trustmanager to do the verification you need on the certificate.
Please refer to the below API documentation about trust manager:

I would prefer not to write our own custom trust manager but to just specify a DN matching rule.

Idea priority Medium
RFE ID 35426
RFE Product IBM App Connect Enterprise (formerly IBM Integration Bus)
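
For readers wondering what the "write your own trust manager" route mentioned in the request involves, here is a sketch. It is an added example, not code from IBM or from the original poster. The class name `DnRuleTrustManager`, the exact-value rule format and the sample rule values are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.*;

// Hypothetical class: the default JSSE trust manager validates the chain first;
// the subject-DN rule is applied only to certificates that pass that check.
public final class DnRuleTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final Map<String, String> required; // constructed rule, e.g. {"O":"Example Corp","OU":"Payments"}

    public DnRuleTrustManager(KeyStore trustStore, Map<String, String> required) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.delegate = found;
        this.required = required;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // throws unless the chain is trusted
        String dn = chain[0].getSubjectX500Principal().getName(); // RFC 2253 string form
        if (!matches(dn, required)) throw new CertificateException("client subject DN rejected by rule");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    // Each attribute type named in the rule must occur exactly once, with the required value.
    static boolean matches(String dn, Map<String, String> required) {
        int hits = 0;
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (rdn.size() != 1) return false; // fail closed on multi-valued RDNs
                String want = required.get(rdn.getType()); // keys use RFC 2253 keywords: CN, OU, O, C
                if (want != null && !want.equals(rdn.getValue())) return false;
                if (want != null) hits++;
            }
        } catch (InvalidNameException e) { return false; }
        return hits == required.size();
    }
}
```

In plain JSSE the instance is installed with `SSLContext.init(keyManagers, new TrustManager[] { tm }, null)`; how a broker runtime would be pointed at such a context is not covered on this page.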
  • Guest
    Sep 15, 2020

    RFE Review. Apologies for the length of time this RFE has been in the status of Under Consideration. We agree with the enhancement request idea that the ability to apply DN matching rules would bring improvement to the product. Status of the RFE is updated to Uncommitted Candidate.

  • Guest
    Oct 7, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB

    For record keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Connectivity and Integration
    Product - IBM Integration Bus (WebSphere Message Broker) - IIB