Use the strmqikm user interface

We can request a personal certificate by using the strmqikm (iKeyman) GUI, or from the command line using the runmqckm (iKeycmd) or runmqakm (GSKCapiCmd) commands. For to manage SSL or TLS certificates in a way that is FIPS-compliant, use the runmqakm command.


strmqikm does not provide a FIPS-compliant option. For to manage TLS certificates in a way that is FIPS-compliant, use the runmqakm command.


Procedure

Complete the following steps to apply for a personal certificate, by using the iKeyman user interface:

  1. Start the user interface by using the strmqikm command.
  2. From the Key Database File menu, click Open. The Open window opens.
  3. Click Key database type and select CMS (Certificate Management System).
  4. Click Browse to navigate to the directory that contains the key database files.
  5. Select the key database file from which we want to generate the request; for example, key.kdb.
  6. Click Open. The Password Prompt window opens.
  7. Type the password you set when you created the key database and click OK. The name of our key database file is shown in the File Name field.
  8. From the Create menu, click New Certificate Request. The Create New Key and Certificate Request window opens.
  9. In the Key Label field, enter the certificate label. The label is either the value of the CERTLABL attribute, if it is set, or the default ibmwebspheremq with the name of the queue manager or IBM MQ MQI client logon user ID appended, all in lowercase. See Digital certificate labels for details.
  10. Type or select a value for any field in the Distinguished name field, or any of the Subject alternative name fields. For the remaining fields, either accept the default values, or type or select new values. For more information about Distinguished Names, see Distinguished Names.
  11. In the Enter the name of a file in which to store the certificate request field, either accept the default certreq.arm, or type a new value with a full path.
  12. Click OK. A confirmation window is displayed.
  13. Click OK. The Personal Certificate Requests list shows the label of the new personal certificate request you created. The certificate request is stored in the file you chose in step 11.
  14. Request the new personal certificate either by sending the file to a certificate authority (CA), or by copying the file into the request form on the website for the CA.

Parent topic: Requesting a personal certificate on UNIX, Linux, and Windows