Encrypting a key ring password

Encrypt the password used to open a key ring file, or to access cryptographic hardware used by MQIPT, with the mqiptPW command. The encrypted password can be used by any of the following properties: SSLClientKeyRingPW, SSLClientCAKeyRingPW, SSLServerKeyRingPW, SSLServerCAKeyRingPW, and SSLCommandPortKeyRingPW. This topic describes the correct way to store a key ring password for use by MQIPT.

The iKeyman stash file facility is not supported by MQIPT. Instead of using a stash file, you must use the mqiptPW command to store the encrypted password.

In versions earlier than Version 9.1.5, key ring passwords for use by MQIPT are stored in files referenced by any of the SSL*KeyRingPW properties.

From Version 9.1.5, encrypt key ring passwords for use by MQIPT using the mqiptPW command, and set the value of the SSL*KeyRingPW properties to the encrypted password. MQIPT is able to distinguish between encrypted passwords and file names in property values for compatibility with configurations created prior to Version 9.1.5.

The method of encrypting key store passwords that is available in MQIPT versions earlier than Version 9.1.5 is deprecated, but can still be used. To improve the protection of key ring passwords, re-encrypt any key ring passwords that have previously been encrypted, using the latest protection method.
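The following audit sketch is an added example, not IBM code. It scans an MQIPT configuration for the five key ring password properties named above and reports which still point at a password file, so they can be re-encrypted with mqiptPW. The `<mqiptPW>` prefix used to recognise encrypted values and the sample configuration text are assumptions that do not come from this page.

```python
import re

# Property names listed in this topic that can hold an encrypted key ring password.
KEYRING_PW_PROPS = {
    "SSLClientKeyRingPW", "SSLClientCAKeyRingPW", "SSLServerKeyRingPW",
    "SSLServerCAKeyRingPW", "SSLCommandPortKeyRingPW",
}
# Assumption: values produced by mqiptPW begin with this marker.
ENCRYPTED_MARKER = "<mqiptPW>"

def audit_keyring_passwords(conf_text):
    """Return (line_no, section, property, status) for each key ring password property."""
    findings, section = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blank lines and comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)     # for example [global] or [route]
            continue
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or name not in KEYRING_PW_PROPS:
            continue
        if value.startswith(ENCRYPTED_MARKER):
            status = "encrypted"
        elif value:
            status = "file-reference"     # pre-9.1.5 style: re-encrypt with mqiptPW
        else:
            status = "empty"
        findings.append((line_no, section, name, status))
    return findings

# Constructed sample configuration; paths and encrypted strings are placeholders.
SAMPLE_CONF = """\
[global]
CommandPort=1881
SSLCommandPortKeyRingPW=<mqiptPW>1!PLACEHOLDER==!PLACEHOLDER==

[route]
ListenerPort=1415
SSLClient=true
SSLClientKeyRingPW=/opt/mqipt/ssl/client.pwd
SSLClientCAKeyRingPW=

[route]
ListenerPort=1416
SSLServerKeyRingPW=<mqiptPW>1!PLACEHOLDER==!PLACEHOLDER==
"""

if __name__ == "__main__":
    for finding in audit_keyring_passwords(SAMPLE_CONF):
        print(*finding)
```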

To encrypt a key ring password for use by MQIPT, follow the steps in Encrypting stored passwords.

You must use the password mqiptSample to open either of the sample key ring files supplied in the samples/ssl subdirectory of the MQIPT installation directory.
