Configure for cryptographic hardware

 

We can configure cryptographic hardware for a queue manager on UNIX or Windows using either of the following methods:

• Use the ALTER QMGR MQSC command with the SSLCRYP parameter, as described in the WebSphere MQ Script (MQSC) Command Reference.

• Use WebSphere MQ Explorer to configure the cryptographic hardware on your UNIX or Windows system. For more information, refer to the online help.

We can configure cryptographic hardware for a WebSphere MQ client on UNIX or Windows using either of the following methods:

• Set the MQSSLCRYP environment variable. The permitted values for MQSSLCRYP are the same as for the SSLCRYP parameter, as described in the WebSphere MQ Script (MQSC) Command Reference. If you use the GSK_PCS11 version of the SSLCRYP parameter, the PKCS #11 token label must be specified entirely in lower-case.

• Set the CryptoHardware field of the SSL configuration options structure, MQSCO, on an MQCONNX call. For more information, see the WebSphere MQ Application Programming Reference.

If you have configured cryptographic hardware which uses the PKCS #11 interface using any of these methods, store the personal certificate for use on your channels in the key database file for the cryptographic token you have configured. This is described in Managing certificates on PKCS #11 hardware.

• Managing certificates on PKCS #11 hardware
  

 

Parent topic:

Working with the Secure Sockets Layer (SSL) on UNIX and Windows systems

sy12380_