Configure certificate validation policies in IBM MQ
We can specify which TLS certificate validation policy is used to validate digital certificates received from remote partner systems in four ways.
On the queue manager, the certificate validation policy can be set in the following ways:
- Use the queue manager attribute CERTVPOL. For more information about setting this attribute, see ALTER QMGR.
On the client, there are several methods that can be used to set the certificate validation policy. If more than one method is used to set the policy, the client uses the settings in the following priority order:
- Use the CertificateValPolicy field in the client MQSCO structure. For more information about using this field, see MQSCO - SSL configuration options.
- Use the client environment variable, MQCERTVPOL. For more information about using this variable, see MQCERTVPOL.
- Use the client SSL stanza tuning parameter setting, CertificateValPolicy. For more information about using this setting, see SSL stanza of the client configuration file.
For more information about certificate validation policies, see Certificate validation policies in IBM MQ.
Parent topic: TLS security protocols in IBM MQ