Use the AMQTCERT (Transfer Certificates) command
This section describes the use of the AMQTCERT (Transfer Certificates) command, which can be used to create key database files and transfer existing SSL certificates held in certificate stores used by queue managers and WebSphere MQ clients.
The AMQTCERT (Transfer Certificates) command can be used to schedule migration for the next time the queue manager is started, or the next time the WebSphere MQ client connects to a queue manager using an SSL channel. The migration includes:
- (for queue managers) deriving the names of the source certificate store and target key database file from the queue manager SSLKeyRepository attribute
- creating the target key database file
- attempting to migrate all SSL certificates found in the source certificate store
For details of all the options available for this command, including the options to specify key database filenames, list certificate stores, and cancel scheduled transfers, see the WebSphere MQ V6.0 System Administration Guide.
Changing migration state
If you have set a queue manager or client to migrate their stores automatically, it sometimes becomes necessary to migrate the certificate store manually. AMQTCERT can be used to cancel the migration for all or individual queue managers or clients, providing that the migration has not taken place. See the WebSphere MQ V6.0 System Administration Guide for details of how to use AMQTCERT to accomplish this.
- Automatically transferring SSL certificates used by all queue managers
This section gives an example of using the AMQTCERT command to automatically transfer the SSL certificates from all WebSphere MQ V5.3 queue managers certificate stores (on the current system).- Automatically transferring SSL certificates used by a specified queue manager
This section gives an example of using the AMQTCERT command to automatically transfer the SSL certificates from a specified WebSphere MQ V5.3 queue manager certificate store.- Automatically transferring SSL certificates used by WebSphere MQ clients
This section gives an example of using the AMQTCERT command to automatically transfer the SSL certificates from a WebSphere MQ client certificate store.- Manually transferring SSL certificates used by a specified queue manager
This section gives an example of using the AMQTCERT command to manually transfer the SSL certificates from a WebSphere MQ queue manager certificate store.- Reasons and remedies for failed certificate transfer
This section gives some reasons and classifications for a failed certificate transfer and how to remedy some of them.
Parent topic:
Step 2: Migrating SSL certificates into Global Security Toolkit database files
mi10360_