Authentication information
Authentication information objects contain connection details of servers that can be used to determine revocation status certificates.
An authentication information object contains authentication information that is used when checking whether a TLS certificate is revoked or not. The following table shows the IBM MQ TLS authentication information support for different platforms:
| Platform | Support |
|---|---|
| IBM MQ on Windows systems | IBM MQ TLS supports checks for revoked certificates using OCSP, or using CRLs and ARLs on LDAP servers, with OCSP as the preferred method. IBM MQ classes for Java cannot use the OCSP information in a client channel definition table file. However, we can configure OCSP as described in Revoked certificates and OCSP. |
| IBM MQ on UNIX systems | IBM MQ TLS supports checks for revoked certificates using OCSP, or using CRLs and ARLs on LDAP servers, with OCSP as the preferred method. IBM MQ classes for Java cannot use the OCSP information in a client channel definition table file. However, we can configure OCSP as described in Revoked certificates and OCSP. |
| IBM MQ on z/OS systems | IBM MQ TLS supports checks for revoked certificates using CRLs and ARLs on LDAP servers only. IBM MQ on z/OS systems cannot use OCSP. |
| IBM MQ on IBM i systems | IBM MQ TLS supports checks for revoked certificates using CRLs and ARLs on LDAP servers only. IBM MQ on IBM i systems cannot use OCSP. |
For information about working with CRL & LDAP, see: Work with revoked certificates.
For information about working with OCSP, see: Work with Online Certificate Status Protocol (OCSP).
For information about controlling access at a channel level, see Channel authentication records.
- Work with revoked certificates
Authentication information objects contain connection details of responders or servers that can be used to determine the revocation status of certificates. - Work with Online Certificate Status Protocol (OCSP)
IBM MQ determines which Online Certificate Status Protocol (OCSP) responder to use, and handles the response received. We might have to take steps to make the OCSP responder accessible.
Parent topic: Objects in IBM MQ Explorer
Related concepts
Related tasks
- Create and configure queue managers and objects
- Delete queue managers and objects
- Configure TLS on queue managers
Related reference