Skip to Main Content
Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Delivered
Created by Guest
Created on Oct 23, 2013

Warn users about SSL certficate expiration

Today there are no alerts if an SSL certificate approach his expiration date.
This can cause service interruptions in traffic MQ if the certificate is not renewed on time.

Idea priority High
RFE ID 40730
RFE URL
RFE Product IBM MQ
  • Guest
    Reply
    |
    Nov 16, 2024

    This idea has been marked as "Delivered" but there are still no alerts if an SSL certificate approaches its expiration. There is now a tool that you can run to check. This hardly constitutes an alert.

  • Admin
    Mark Taylor
    Reply
    |
    May 17, 2022

    While we can see potential value in adding this information, this is not something that we can see being implemented in the next 12-18 months. Therefore this suggestion is being declined for now. There are alternative approaches already available for inspecting local keystores/certificates on distributed platforms, such as the runmqakm commands.

  • Guest
    Reply
    |
    Mar 23, 2022

    Hi Mark,

    Yes, please add it.

    Regards,
    Wayne

  • Guest
    Reply
    |
    Mar 22, 2022

    Merged Idea: QMGR SSL certificate display options

    While openssl commands provide certificate information in a Queue Manager its use is rather intrusive to certain data centers as this is not MQ data that arrives at the remote Queue Manager and this produces a CSQX620E message and a Snap Dump. That message then generates automation alerts for those shops tracking errors, which then translate into Incident Reports that have to be addressed. This involves reaching out to the client site and asking why there was non-MQ traffic on the Channel.

    The openssl command produces this message:

    "+CSQX620E +MQxx CSQXRESP SYSTEM SSL ERROR,"

    " channel ????"

    " connection xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)"

    " function 'gsk_secure_socket_read' RC=437"

    It would be nice if there were a way to obtain remote Queue Manager SSL information using an MQ command, not involving openssl or Telnet (which also has issues on VIPA networked Queue Managers).


  • Guest
    Reply
    |
    Oct 15, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Integration
    Product - IBM MQ

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Connectivity and Integration
    Product - IBM MQ

  • Guest
    Reply
    |
    Nov 25, 2013

    This is something we are considering for a future release of MQ. However, enterprise-level certificate management tools that are used to issue the certs should be generating renewal notices. And MQ does allow enquiry of the certs via the gskit tools like runmqckm so they can be checked manually.

0 MERGED

QMGR SSL certificate display options

Merged
Either a new runmqsc command or a base product supplied binary that allows the queue managers SSL certificate details to be displayed. In particular the expiry date.
over 12 years ago in MQ, MQ Advanced & MQ Appliance 3 Delivered
0 MERGED

QMGR monitor SSL certificate expiration and issue warning/event message

Merged
Since the QMGR has the keystore open on the both the distributed and ZoS environments and can see the expiration date of certificates could it not issue warning messages/events to notify asministrator that action is required for a soon to expire c...
about 8 years ago in MQ, MQ Advanced & MQ Appliance 1 Delivered
0 MERGED

Enable SSL Certificates expiration monitoring event alert in logs for WebSphere MQ

Merged
Hi Team, We need your help to Enable automated SSL Certificates expiration monitoring event alert in logs for WebSphere MQ, could you please share the steps ?,and also please share the Event IDs that will write in MQ logs Example EventIDs would be...
over 3 years ago in MQ, MQ Advanced & MQ Appliance 0 Delivered