setmqcrl (set certificate revocation list (CRL) LDAP server definitions)
Purpose
The setmqcrl command applies to WebSphere MQ for Windows only.
Use the setmqcrl command to configure and administer support for publishing CRL (certificate revocation list) LDAP definitions in an Active Directory.
A domain administrator must use this command, or setmqscp, initially to prepare the Active Directory for WebSphere MQ usage and to grant WebSphere MQ users and administrators the relevant authorities to access and update the WebSphere MQ Active Directory objects. You can also use the setmqcrl command to display all the currently configured CRL server definitions available on the Active Directory, that is, those definitions referred to by the queue manager's CRL namelist.
The only types of CRL servers supported are LDAP servers.
Syntax
>>-setmqcrl--+-------------------------+------------------------>
             '- -a -+----------------+-'
                    '- -m --queue_manager-'

>--+-------------------------+--+------+-----------------------><
   '- -r -+----------------+-'  '- -d -'
          '- -m --queue_manager-'
Optional parameters
You must specify one of -a (add), -r (remove) or -d (display).
- -a
- Adds the WebSphere MQ client connections Active Directory container, if it does not already exist. You must be a user with the appropriate privileges to create subcontainers in the System container of your domain. The WebSphere MQ folder is called CN=IBM-MQClientConnections. Do not delete this folder in any other way than by using the setmqscp command.
- -d
- Displays the WebSphere MQ CRL server definitions.
- -r
- Removes the WebSphere MQ CRL server definitions.
- -m [ * | qmgr ]
- Modifies the specified parameter (-a or -r) so that only the specified queue manager is affected. You must include this option with the -a parameter.
- * | qmgr
- * specifies that all queue managers are affected. This enables you to migrate a specific WebSphere MQ CRL server definitions file from one queue manager alone.
Examples
The following command creates the IBM-MQClientConnections folder and allocates the required permissions to WebSphere MQ administrators for the folder, and to child objects created subsequently. (In this, it is functionally equivalent to setmqscp -a.)
setmqcrl -a
The following command migrates existing CRL server definitions from a local queue manager, Paint.queue.manager, to the Active Directory, deleting any other CRL definitions from the Active Directory first:
setmqcrl -a -m Paint.queue.manager