Use the strmqikm user interface
We can create a personal certificate by using the strmqikm (iKeyman) GUI.
About this task
strmqikm does not provide a FIPS-compliant option. For to manage TLS certificates in a way that is FIPS-compliant, use the runmqakm command.
Procedure
Complete the following steps to create a personal certificate for the queue manager or IBM MQ MQI client by using the graphical user interface:
- Start the GUI by using the strmqikm command.
- From the Key Database File menu, click Open. The Open window displays.
- Click Key database type and select CMS (Certificate Management System).
- Click Browse to navigate to the directory that contains the key database files.
- Select the key database file from which we want to generate the request; for example, key.kdb.
- Click OK. The Password Prompt window opens.
- Type the password you set when you created the key database and click OK. The name of our key database file is shown in the File Name field.
- From the Create menu, click New Self-Signed Certificate. The Create New Self-Signed Certificate window is displayed.
- In the Key Label field, enter the certificate label. The label is either the value of the CERTLABL attribute, if it is set, or the default ibmwebspheremq with the name of the queue manager or IBM MQ MQI client logon user ID appended, all in lowercase. See Digital certificate labels for details.
- Type or select a value for any field in the Distinguished name field, or any of the Subject alternative name fields.
- For the remaining fields, either accept the default values, or type or select new values. For more information about Distinguished Names, see Distinguished Names.
- Click OK. The Personal Certificates list shows the label of the self-signed personal certificate you created.
What to do next
Submit a certificate request to a CA. See Receive personal certificates into a key repository on UNIX, Linux, and Windows for further information.
Parent topic: Create a self-signed personal certificate on UNIX, Linux, and Windows