Manage keys and certificates on UNIX, Linux, and Windows
Use the runmqckm command (UNIX and Windows), and runmqakm command (UNIX, Linux, and Windows) to manage keys, certificates, and certificate requests.
- The runmqckm command
- The runmqckm command is available on UNIX and Windows.
The runmqckm command provides functions that are similar to those of iKeyman, described in Securing IBM MQ.
To use the runmqckm command, ensure that the systems environment variables are correctly configured. For primary installations of IBM WebSphere MQ Version 7.1, or later, we can run the setmqinst command.
The runmqckm command requires the IBM MQ JRE component to be installed. If this component is not installed we can use the runmqackm command instead.
- The runmqakm command
- The runmqakm command is available on UNIX, Linux,
and Windows.
To use the runmqakm command, ensure that the systems environment variables are correctly configured. For primary installations of IBM WebSphere MQ Version 7.1, or later, we can run the setmqinst command.
If you need to manage TLS certificates in a way that is FIPS compliant, use the runmqakm command instead of the runmqckm commands. This is because the runmqakm command supports stronger encryption.
Use the runmqckm and runmqakm commands to do the following:
- Create the type of CMS key database files that IBM MQ requires
- Create certificate requests
- Import personal certificates
- Import CA certificates
- Manage self-signed certificates
- runmqckm, and runmqakm commands
This section describes the runmqckm, and runmqakm commands according to the object of the command. - runmqckm and runmqakm options
We can use the runmqckm (iKeycmd) and runmqakm command line options to manage keys, certificates, and certificate requests. - runmqakm error codes
A table of the numeric error codes issued by runmqakm, and what they mean.
Parent topic: Securing IBM MQ