skip to content
Cabeza's Blog

Setting Up IBM MQ

/ 3 min read

blog, mq

Setting Up IBM MQ

IBM MQ is a robust messaging middleware that enables reliable and secure communication between applications, even across disparate systems and networks. This guide provides a comprehensive, step-by-step walkthrough of setting up IBM MQ from scratch. We’ll cover creating a queue manager, configuring channels with TLS security, setting up queues, and managing permissions—all tailored for beginners while offering enough depth for practical implementation.

What is IBM MQ?

IBM MQ facilitates asynchronous message exchange between applications using a queue-based system. Messages are stored in queues, ensuring delivery even if the receiving application is temporarily unavailable. This makes IBM MQ ideal for critical applications requiring reliability and security.

Key Concepts:

  • Queue Manager: Manages queues, channels, and resources.
  • Queues: Store messages temporarily.
  • Channels: Enable communication between clients and queue managers or between queue managers.
  • Messages: Data exchanged between applications.

Installing IBM MQ

To begin, install IBM MQ on your system:

  • Linux: Use a package manager like yum or apt. Example: sudo yum install MQServer.
  • Windows: Download the installer from the IBM website and follow the prompts.

Post-installation, verify that MQ commands (e.g., crtmqm, strmqm) are available in your terminal or command prompt.

Creating a Queue Manager

The queue manager is the core component of IBM MQ. Let’s create one called QMGR1.

Command:

Terminal window
crtmqm QMGR1
  • crtmqm: Creates the queue manager.
  • QMGR1: The name (customizable).

This initializes the queue manager’s configuration and data structures.

Starting the Queue Manager

Activate the queue manager with:

Command:

Terminal window
strmqm QMGR1
  • strmqm: Starts the queue manager.

Once running, it can handle connections and queue operations.

Setting Up a Server Connection Channel

Clients connect to the queue manager via a server connection channel over TCP/IP.

Steps:

  1. Launch the MQSC interface:

    Terminal window
    runmqsc QMGR1

  2. Define the channel:

    DEFINE CHANNEL('SVRCONN.CHL') CHLTYPE(SVRCONN) TRPTYPE(TCP)
    • CHANNEL('SVRCONN.CHL'): Channel name.
    • CHLTYPE(SVRCONN): Server connection type.
    • TRPTYPE(TCP): TCP/IP transport.

This channel enables client connections to QMGR1.

Securing the Channel with TLS

For secure communication, configure TLS (Transport Layer Security) on the channel.

Step 1: Create a Keystore

Use runmqckm to create a CMS keystore:

Command:

Terminal window
runmqckm -keydb -create -db /path/to/keystore.kdb -pw password -type cms
  • /path/to/keystore.kdb: Keystore file location.
  • password: Secure password.

Step 2: Generate a Certificate

Create a self-signed certificate:

Command:

Terminal window
runmqckm -cert -create -db /path/to/keystore.kdb -pw password -label ibmwebspheremqqmgr1 -dn "CN=QMGR1,O=Organization,C=Country"
  • label ibmwebspheremqqmgr1: Matches queue manager name (lowercase).
  • -dn: Distinguished name (customize as needed).

Step 3: Configure the Channel

In the MQSC prompt:

ALTER CHANNEL('SVRCONN.CHL') CHLTYPE(SVRCONN) SSLCIPH('TLS_RSA_WITH_AES_256_CBC_SHA256') SSLCAUTH(REQUIRED)
  • SSLCIPH: TLS cipher suite.
  • SSLCAUTH(REQUIRED): Requires client certificate authentication.
ALTER QMGR SSLKEYR('/path/to/keystore')
  • Omit .kdb from the path.

This ensures encrypted, authenticated connections.

Creating and Configuring Queues

Create a local queue for message storage:

Command (in MQSC):

DEFINE QLOCAL('QUEUE1') DESCR('First queue for messages')
  • QLOCAL: Local queue type.
  • QUEUE1: Queue name.

Additional queues can be created similarly.

Managing Permissions for Queues

Control access to queues using setmqaut.

Example: Grant mquser permissions to put and get messages on QUEUE1:

Terminal window
setmqaut -m QMGR1 -t q -n QUEUE1 -p mquser +put +get
  • -m QMGR1: Queue manager.
  • -t q: Queue object.
  • -p mquser: User or group.
  • +put +get: Permissions granted.

Repeat for other users or queues.

Reusing the Setup for Additional Queues

Add more queues without altering the channel or security:

  1. Create a new queue:

    DEFINE QLOCAL('QUEUE2') DESCR('Second queue for messages')

  2. Set permissions:

    Terminal window
    setmqaut -m QMGR1 -t q -n QUEUE2 -p mquser +put +get

Clients can access both queues via SVRCONN.CHL with appropriate permissions.

Testing the Setup

Test with IBM MQ sample tools:

  1. Put a message:

    Terminal window
    amqsputc QUEUE1 QMGR1

    Type a message and press Enter.

  2. Get the message:

    Terminal window
    amqsgetc QUEUE1 QMGR1

Ensure client settings (channel, host, port, TLS) are correct.

Conclusion

This guide outlines the complete setup of IBM MQ, from installation to testing. With a queue manager, secure TLS channels, and permissioned queues, you’ve built a scalable messaging system. Whether for small projects or enterprise solutions, IBM MQ offers reliability and flexibility. Start messaging with confidence!