Message Queue’s SSL support is oriented toward securing on-the-wire data with the assumption that the client is communicating with a known and trusted server. Therefore, SSL is implemented using only self-signed server certificates.In the httpsjms connection service architecture, the HTTPS tunnel servlet plays the role of server to both broker and application client.
JRE_HOME/bin/keytool -servlet keyStoreLocation
First, keytool prompts you for a key store password, and then it prompts you for some organizational information, and then it prompts you for confirmation. After it receives the confirmation, it pauses while it generates a key pair. It then asks you for a password to lock the particular key pair (key password); you should enter Return in response to this prompt: this makes the key password the same as the key store password.
Remember the password you provide: you must provide this password later to the tunnel servlet so it can open the key store.
The HTTPS tunnel servlet must be able to see the key store. Make sure you move/copy the generated key store located in keyStoreLocation to a location accessible by the HTTPS tunnel servlet (see Step 3. Deploying the HTTPS Tunnel Servlet).