Adding missing certification authority certificates into WebSphere MQ certificate stores
This section gives the commands necessary to add SSL certificates into WebSphere MQ certificate stores to complete the certificate chains prior to migrating to WebSphere MQ V6.0.
Missing certificates can be obtained from the certification authority that issues them. To import a certification authority certificate into a WebSphere MQ certificate store, issue the AMQMCERT command at a command prompt.
- For a queue manager enter:
amqmcert -a -s CertificateFilename -m queueManagerTo list all certificates in the WebSphere MQ queue manager certificate store, enter:
amqmcert -l -m queueManagerWhere:
- CertificateFilename is the fully qualified filename of the file where the certification authority certificate is stored in (certification authority certificates are usually provided in files with extensions .DER, .pb7, or .CER)
- queueManager is the name of the queue manager that requires the certificate to be added to its certificate store
- For a client (which uses the WebSphere MQ client certificate store identified by the MQSSLKEYR environment variable) enter:
amqmcert -a -s CertificateFilenameTo list all certificates in the WebSphere MQ client certificate store, enter:
amqmcert -lWhere:
- CertificateFilename is the fully qualified filename of the file where the certification authority certificate is stored in (certification authority certificates are usually provided in files with extensions .DER, .pb7, or .CER)
- For client applications that use MQCONNX calls enter:
amqmcert -a -s CertificateFilename -k KeyRepositoryTo list all certificates in the WebSphere MQ client certificate store, enter:
amqmcert -l -k KeyRepositoryWhere:
- CertificateFilename is the fully qualified filename of the file where the certification authority certificate is stored in (certification authority certificates are usually provided in files with extensions .DER, .pb7, or .CER)
- KeyRepository is the value (the fully qualified stem name of the repository file) stored in the MQSCO structure
For full details of the AMQMCERT command see the "WebSphere MQ V5.3 System Administration Guide".
Parent topic:
Step 1: Ensuring WebSphere MQ certificate stores contain complete certificate chains
mi10320_