If certificate authorization fails when the broker is using a certificate authority, it is possible to give the client runtime another means of establishing a secure connection by comparing broker certificate fingerprints. If the fingerprints match, the connection is granted; if they do not match, the attempt to create the connection will fail.
Set the broker connection property MQ_SSL_CHECK_BROKER_FINGERPRINT to true.
Retrieve the broker’s certificate fingerprint by using the java keytool -list option on the broker’s keystore file:
You will use the output of this command as the value for the connection property MQ_SSL_BROKER_CERT_FINGERPRINT in Verification Using Fingerprints. For example, if the output contains a value like the following:
Certificate fingerprint (MD5): F6:A5:C1:F2:E6:63:40:73:97:64:39:6C:1B:35:0F:8E |
You would specify this value for MQ_SSL_BROKER_CERT_FINGEPRINT.
Set the connection property MQ_SSL_BROKER_CERT_FINGEPRINT to the value obtained in Verification Using Fingerprints.