Accessing CRLs and ARLs using IBM MQ Explorer

We can use IBM MQ Explorer to tell a queue manager how to access CRLs.

Note that in this section, information about Certificate Revocation Lists (CRLs) also applies to Authority Revocation Lists (ARLs).

Use the following procedure to set up an LDAP connection to a CRL:

1. Ensure that we have started your queue manager.
2. Right-click the Authentication Information folder and click New -> Authentication Information. In the property sheet that opens:
   1. On the first page Create Authentication Information, enter a name for the CRL(LDAP) object.
   2. On the General page of Change Properties, select the connection type. Optionally we can enter a description.
   3. Select the CRL(LDAP) page of Change Properties.
   4. Enter the LDAP server name as either the network name or the IP address.
   5. If the server requires login details, provide a user ID and if necessary a password.
   6. Click OK.
3. Right-click the Namelists folder and click New -> Namelist. In the property sheet that opens:
   1. Type a name for the namelist.
   2. Add the name of the CRL(LDAP) object (from step 2.a ) to the list.
   3. Click OK.
4. Right-click the queue manager, select Properties, and select the SSL page:
   1. Select the Check certificates received by this queue manager against Certification Revocation Lists check box.
   2. Type the name of the namelist (from step 3.a ) in the CRL Namelist field.