If you encounter problems while enabling SSL you may want to turn off SSL. Three methods for achieving this are:
- Stopping the SSL channelsThis method can be used up until Task 5. Once you define SSL channels there are two sets of channels between each queue manager (one SSL and one non-SSL). Manually stopping the SSL cluster sender channels will put them into STOPPED state, which is the least preferential state when the queue manager workload balances messages using the cluster workload algorithm. Therefore if the non-SSL channel is healthy, the queue manager should workload balance messages to the non-SSL channels. The queue manager will still workload balance messages to the SSL channels if there are affinities to them (e.g. If queues were opened bind-on-open and the open handle remains in use).
- Altering the SSL channelsYou can use this method at any time. Altering the SSLCIPH attribute of the SSL channels to blank will turn off SSL for channels. Use the following command.
ALTER CHL(TO.<qm>) CHLTYPE(<CLUSRCVR/CLUSSDR>) SSLCIPH(‘ ‘)Alter the channels in the following order:- All full repository cluster receivers.
- All full repository cluster senders.
- All partial repository cluster receivers.
- All partial repository cluster senders.
UseDISPLAY CLUSQMGR(<qm>) SSLCIPHto check that all the change has been published to other cluster queue managers.After switching off SSL, to turn it back on there is no need to start from the beginning of this document; simply alter to channels to set the SSLCIPH attribute to a non-blank value. - Deleting the SSL channels.
Comments