To override this setting and force Message Queue clients to validate the Message Queue broker’s certificate, edit:
Add the following to the JVM arguments of each process in Watchlist.properties :
-Djavax.net.ssl.trustStore=keystore_path-DimqSSLIsHostTrusted=false
Restart the Identity Synchronization for Windows daemon or service.
The javax.net.ssl.trustStore property should point to a JSEE keystore that trusts the broker certificate, for example, /etc/imq/keystore can be used on the machine where Core was installed because this is the same keystore used by the broker.