Create a new certificate store

 

You create a new certificate store only if you do not want to use the i5/OS default certificate store.

We can specify that the i5/OS system certificate store is to be used by changing the value of the queue manager's SSLKEYR attribute to *SYSTEM. This value indicates that the queue manager will use the system certificate store, and the queue manager is registered for use as an application with Digital Certificate Manager (DCM).

Use the following procedure to create a new certificate store for a queue manager:

1. Access the DCM interface, as described in Accessing DCM.

2. In the navigation panel, click Create New Certificate Store. The Create New Certificate Store page displays in the task frame.

3. In the task frame, select the Other System Certificate Store radio button. Click Continue. The Create a Certificate in New Certificate Store page displays in the task frame.

4. Select the No - Do not create a certificate in the certificate store radio button. Click Continue. The Certificate Store Name and Password page displays in the task frame.

5. In the Certificate store path and filename field, type an IFS path and filename, for example /QIBM/UserData/mqm/qmgrs/qm1/key.kdb

6. Type a password in the Password field and type it again in the Confirm Password field. Click Continue. A window displays, containing a list of the CA certificates that are pre-installed in the certificate store. This list includes the certificate for the local CA, if you have created one. Make a note of the password (which is case sensitive) because you will need it when you stash the repository key.

7. To exit from DCM, close your browser window.

When you have created the certificate store using DCM, ensure you stash the password, as described in Stashing the certificate store password.

 

Parent topic:

Set up a key repository

sy11960_