IBM MQ SSL Certificate Validity Test

SSL certificates are important for a server to maintain the security of data that is passed to and from other servers. With the use of SSL certificates comes the responsibility of keeping them up to date. If an SSL certificate expires and is not renewed on time, it poses many security risks, such as a high risk of customer data being stolen, server security being at risk without encryption, data breaches, and many other threats. Hence, it is essential to monitor the SSL certificate validity details of the target MQ server and promptly alert administrators about them. This test monitors every SSL certificate installed on the target MQ server and reports how long (in days) the SSL certificates that have been configured for monitoring will remain valid.

Target of the test : A WebSphere MQ server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every SSL certificate installed on the target IBM WebSphere MQ server.

Configurable parameters for the test

Parameter

Description

Test period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port number at which the specified host listens.

MQ Home

Specify the full path to the install directory of the IBM WebSphere MQ server. For example, if the IBM WebSphere MQ server is installed on a Windows operating system, the path will be C:\Program Files\IBM\WebSphere MQ. If the target server is installed on a Linux operating system, the path will be /opt/mqm.

Key Database Name

For the eG agent to report the validity of the SSL certificates contained in the server database, you need to enable the agent to access the key database where the server certificates are stored. For this, specify the full path to the key database in this text box. For example, the location of this file may be: /var/mqm/qmgrs/QM13/ssl/key.kdb.

KDB Password

Provide the password that is used to obtain the associated certificate details from the key database.

Confirm Password

Confirm the password by retyping it in the Confirm Password text box.

Expiry in Days

This test monitors the expiry details of only those certificates that expire within the time period configured in this parameter. For example, if this parameter is set to 30 days, then this test lists the certificates that expire within 30 days. Hence, specify the time period in days against this parameter. By default, this is set to 30 days.

Ignore Names

Specify a comma-separated list of SSL certificates or certificate patterns that should be excluded from the scope of monitoring. For example, your specification can be: *ibmweb*, ibmwebspheremqqm14,*ibmwebegurkha*. By default, this parameter is set to none.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test

Measurement : SSL certificate validity

Description : Indicates the number of days from the current day for which this SSL certificate will be valid.

Measurement Unit : Days

Interpretation : The detailed diagnosis of this measure provides SSL certificate validity details.
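
How the Expiry in Days and Ignore Names parameters combine to decide which certificates are reported, as an added example (not eG Enterprise code). It assumes '*' patterns behave as case-sensitive globs and that an expired certificate is reported with a negative day count; the function names, labels and dates are constructed.

```python
from datetime import datetime, timezone
from fnmatch import fnmatchcase

def parse_ignore_names(spec):
    """Split an Ignore Names value into patterns; 'none' means no exclusions."""
    if spec.strip().lower() == "none":
        return []
    # Trim each entry: the documented example has a space after one comma.
    return [p.strip() for p in spec.split(",") if p.strip()]

def expiring_certificates(certs, expiry_in_days=30, ignore_names="none", now=None):
    """Return (label, days_valid) for non-ignored certificates inside the window.

    certs: iterable of (label, not_after) with timezone-aware datetimes.
    Assumptions: '*' patterns use case-sensitive glob matching, and an
    already expired certificate is reported with a negative day count.
    """
    now = now or datetime.now(timezone.utc)
    patterns = parse_ignore_names(ignore_names)
    report = []
    for label, not_after in certs:
        if any(fnmatchcase(label, p) for p in patterns):
            continue  # excluded from the scope of monitoring
        days_valid = (not_after - now).days  # floors, so expired -> negative
        if days_valid <= expiry_in_days:
            report.append((label, days_valid))
    return sorted(report, key=lambda item: item[1])  # most urgent first

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed inventory (labels and dates are illustrative, not from a real key database).
NOW = utc(2024, 1, 1)
SAMPLE = [
    ("ibmwebspheremqqm13", utc(2024, 1, 11)),  # 10 days left
    ("ibmwebspheremqqm14", utc(2024, 1, 6)),   # matched by an exact label
    ("ibmwebegurkha_test", utc(2024, 1, 3)),   # matched by *ibmwebegurkha*
    ("rootca", utc(2025, 1, 1)),               # outside a 30-day window
    ("oldpartner", utc(2023, 12, 25)),         # already expired
]

if __name__ == "__main__":
    for spec in ("ibmwebspheremqqm14,*ibmwebegurkha*",
                 "*ibmweb*, ibmwebspheremqqm14,*ibmwebegurkha*"):
        print(spec, "->", expiring_certificates(SAMPLE, 30, spec, NOW))
```

Under the glob assumption, the second specification (the example value given for Ignore Names) also excludes ibmwebspheremqqm13, because *ibmweb* matches every label containing "ibmweb"; a broad pattern can silently remove a queue manager's own certificate from monitoring.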