Accessing CRLs and ARLs with an IBM MQ MQI client

Accessing CRLs and ARLs with an IBM MQ MQI client

You have three options for specifying the LDAP servers that hold CRLs for checking by an IBM MQ MQI client.

Note that in this section, information about Certificate Revocation Lists (CRLs) also applies to Authority Revocation Lists (ARLs).
The three ways of specifying the LDAP servers are as follows:

Use a channel definition table
Use the SSL configuration options structure, MQSCO, on an MQCONNX call
Use the Active Directory (on Windows systems with Active Directory support)
For more details, refer to the related information.
We can include up to 10 connections to alternative LDAP servers to ensure continuity of service if one or more LDAP servers fail. Note that the LDAP servers must contain identical information.

We cannot access LDAP CRLs from an IBM MQ MQI client channel running on Linux ( zSeries platform).

Location of an OCSP responder, and of LDAP servers that hold CRLs
On an IBM MQ MQI client system, we can specify the location of an OCSP responder, and of Lightweight Directory Access Protocol (LDAP) servers that hold certificate revocation lists (CRLs).
Parent topic: Working with Certificate Revocation Lists and Authority Revocation Lists