Key repositories for the managed .NET client
The key repository on the client side of the TLS configuration is a Windows keystore. The server side repository is a Cryptographic Message Syntax (CMS) type of repository.
Client side
The client side of the TLS configuration in IBM MQ .NET consists of the client side key repository, the client certificates, and the choices the application program makes.
- The client side key repository is always a Windows keystore. It can be either a User or a Computer account under which certificates can be stored.
- In the application, we can set either of the following values for the key repository:
  - "*USER": IBM MQ.NET accesses the current user's certificate store to retrieve the client certificates.
  - "*SYSTEM": IBM MQ.NET accesses the local Computer account to retrieve the certificates.
- The client's certificates must be stored in the My certificate store of the User or Computer account. All the server (CA) certificates must be stored in the root directory of the certificate store.
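The store layout described above can be checked before the application connects. The following C# program is an added example, not IBM's code: it maps the key repository value to the Windows account store, lists the certificates in My that are in date and have a private key, and looks for a CA certificate in Root. The second command-line argument, the thumbprint of the CA certificate that signed the queue manager's certificate, is an assumption of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class KeyRepositoryCheck
{
    // Map the key repository value to the Windows account store it selects.
    static StoreLocation Resolve(string keyRepository) => keyRepository switch
    {
        "*USER" => StoreLocation.CurrentUser,
        "*SYSTEM" => StoreLocation.LocalMachine,
        _ => throw new ArgumentException("Expected *USER or *SYSTEM, got: " + keyRepository)
    };

    static X509Certificate2[] Read(StoreName name, StoreLocation location)
    {
        using var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        return store.Certificates.Cast<X509Certificate2>().ToArray();
    }

    // args[0]: key repository value; args[1] (assumption): thumbprint of the CA
    // certificate that signed the queue manager's certificate.
    static int Main(string[] args)
    {
        StoreLocation location = Resolve(args.Length > 0 ? args[0] : "*USER");
        DateTime now = DateTime.Now;
        int usable = 0;
        foreach (X509Certificate2 cert in Read(StoreName.My, location))
        {
            // Without its private key a certificate cannot authenticate the client.
            bool ok = cert.HasPrivateKey && now >= cert.NotBefore && now <= cert.NotAfter;
            if (ok) usable++;
            Console.WriteLine($"{(ok ? "OK  " : "SKIP")} {cert.Subject} key={cert.HasPrivateKey} expires={cert.NotAfter:u}");
        }
        Console.WriteLine($"{usable} usable client certificate(s) in {location}\\My");

        bool caPresent = true;
        if (args.Length > 1)
        {
            string wanted = args[1].Replace(" ", "");
            caPresent = Read(StoreName.Root, location)
                .Any(c => string.Equals(c.Thumbprint, wanted, StringComparison.OrdinalIgnoreCase));
            Console.WriteLine($"CA {wanted} in {location}\\Root: {caPresent}");
        }
        return usable > 0 && caPresent ? 0 : 1;
    }
}
```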
Server side
The server side key repository is of type CMS, and a traceable local computer's directory path must be set on the queue manager SSL properties.