Stashing the certificate store password on IBM i systems

Stash the certificate store password by using CL commands.

The following instructions apply to stashing the certificate store password on IBM® i for a queue manager. Alternatively, for an IBM MQ MQI client, if you are not using the *SYSTEM certificate store (that is, the MQSSLKEYR environment is set to a value other than *SYSTEM), follow the procedure described in the Stash the certificate store password section of IBM MQ SSL Client utility (amqrsslc) for IBM i.

If we have specified that the *SYSTEM certificate store is to be used (by changing the value of the SSLKEYR attribute of the queue manager to *SYSTEM) you must not follow these steps.

When we have created the certificate store using DCM, use the following commands to stash the password:

STRMQM MQMNAME('queue_manager_name')
CHGMQM MQMNAME('queue_manager_name') SSLKEYRPWD('password')

The password is case sensitive. It must be entered in single quotation marks exactly as you entered it in step 6 of Creating a certificate store on IBM i. Note: If you are not using the default system certificate store, and we do not stash the password, attempts to start TLS channels fail because they cannot obtain the password required to access the certificate store.