setSSLCertStores

 

public void setSSLCertStores(Collection stores);

Provides a collection of CertStore objects used for certificate revocation list (CRL) checking. The certificate provided by the queue manager is checked against one of the CertStore objects contained within the collection; if the certificate is found, the connection attempt fails. At connect-time, each CertStore in the collection is tried in turn until one is successfully used to verify the queue manager's certificate. This property is ignored if sslCipherSuite is null. Use of this property requires Java™ 2 v1.4. If CertStore objects are specified using this method the MQConnectionFactory cannot be bound into a JNDI namespace. Attempting to do so will result in an exception being thrown.

You must make sure that your Java Software Development Kit (SDK) is compatible with the CRL to use CertStore successfully with a CRL hosted on an LDAP server. Some SDKs require that the CRL conforms to RFC 2587, which defines a schema for LDAP v2. Most LDAP v3 servers use RFC 2256 instead.

Parameters

• stores - the CRL - a list of CertStore objects which contain certificates that have been revoked. Null (the default) means that no checking of the queue manager's certificate is performed.

uj28750_