Configure for cryptographic hardware on UNIX, Linux, and Windows
We can configure cryptographic hardware for a queue manager or client in a number of ways.
We can configure cryptographic hardware for a queue manager on UNIX, Linux, and Windows using either of the following methods:- Use the ALTER QMGR MQSC command with the SSLCRYP parameter, as described in ALTER QMGR.
- Use IBM MQ Explorer to configure the cryptographic hardware on your UNIX, Linux or Windows system. For more information, refer to the online help.
We can configure cryptographic hardware for an IBM MQ client on UNIX, Linux, and Windows using either of the following methods:
- Set the MQSSLCRYP environment variable. The permitted values for MQSSLCRYP are the same as for the SSLCRYP parameter, as described in ALTER QMGR. If we use the GSK_PCS11 version of the SSLCRYP parameter, the PKCS #11 token label must be specified entirely in lower-case.
- Set the CryptoHardware field of the SSL configuration options structure, MQSCO, on an MQCONNX call. For more information, see Overview for MQSCO.
If we have configured cryptographic hardware which uses the PKCS #11 interface using any of these methods, we must store the personal certificate for use on your channels in the key database file for the cryptographic token you have configured. This is described in Manage certificates on PKCS #11 hardware.
- Manage certificates on PKCS #11 hardware
We can manage digital certificates on cryptographic hardware that supports the PKCS #11 interface.
Parent topic: Work with SSL/TLS on UNIX, Linux, and Windows