Integration
This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
This idea has been marked as "Delivered" but there are still no alerts if an SSL certificate approaches its expiration. There is now a tool that you can run to check. This hardly constitutes an alert.
While we can see potential value in adding this information, this is not something that we can see being implemented in the next 12-18 months. Therefore this suggestion is being declined for now. There are alternative approaches already available for inspecting local keystores/certificates on distributed platforms, such as the runmqakm commands.
Hi Mark,
Yes, please add it.
Regards,
Wayne
Merged Idea: QMGR SSL certificate display options
While openssl commands provide certificate information in a Queue Manager its use is rather intrusive to certain data centers as this is not MQ data that arrives at the remote Queue Manager and this produces a CSQX620E message and a Snap Dump. That message then generates automation alerts for those shops tracking errors, which then translate into Incident Reports that have to be addressed. This involves reaching out to the client site and asking why there was non-MQ traffic on the Channel.
The openssl command produces this message:
"+CSQX620E +MQxx CSQXRESP SYSTEM SSL ERROR,"
" channel ????"
" connection xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)"
" function 'gsk_secure_socket_read' RC=437"
It would be nice if there were a way to obtain remote Queue Manager SSL information using an MQ command, not involving openssl or Telnet (which also has issues on VIPA networked Queue Managers).
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - WebSphere
Product family - Integration
Product - IBM MQ
For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Connectivity and Integration
Product - IBM MQ
This is something we are considering for a future release of MQ. However, enterprise-level certificate management tools that are used to issue the certs should be generating renewal notices. And MQ does allow enquiry of the certs via the gskit tools like runmqckm so they can be checked manually.