runmqckm, and runmqakm commands

This section describes the runmqckm, and runmqakm commands according to the object of the command.

The main differences between the two commands are as follows:

  • runmqakm

    • Is available on UNIX, Linux , and Windows.
    • Supports the creation of certificates and certificate requests with Elliptic Curve public keys whereas the runmqckm command does not.
    • Supports stronger encryption of the key repository file than the runmqckm command through the -strong parameter.
    • Has been certified as FIPS 140-2 compliant, and can be configured to operate in a FIPS compliant manner, using the -fips parameter, unlike the runmqckm command.
  • runmqckm

    • Is available on UNIX and Windows.
    • Supports the JKS and JCEKS key repository file formats, whereas the runmqakm command does not.
Attention: The runmqckm command requires installation of the IBM MQ Java runtime environment (JRE) feature. Each command specifies at least one object. Commands for PKCS #11 device operations might specify additional objects. Commands for key database, certificate, and certificate request objects also specify an action. The object can be one of the following:

    -keydb
    Actions apply to a key database

    -cert
    Actions apply to a certificate

    -certreq
    Actions apply to a certificate request

    -help
    Displays help

    -version
    Displays version information

The following subtopics describe the actions that we can take on key database, certificate, and certificate request objects; See runmqckm and runmqakm options for a description of the options for these commands.