Certificate management
Use a set of files to store digital certificate and certificate revocation information.
IBM MQ TLS support uses a set of files to store digital certificate and certificate revocation information. These files are located in a directory specified either programmatically by way of the KeyRepository field in the MQSCO structure passed on the MQCONNX call, by the MQSSLKEYR environment variable, or, in the SSL stanza of the mqclient.ini using the SSLKeyRepository attribute.
The MQSCO structure takes precedence over the MQSSLKEYR environment variable which takes precedence over the ini file stanza value.
Important: The key repository location specifies a directory location and not a filename on the HP Integrity NonStop Server platform. The IBM MQ client for HP Integrity NonStop Server uses the following, case sensitive, named files in the key repository location:- Personal certificate store
- Certificate truststore
- Pass phrase stash file
- Certificate revocation list file
- Personal certificate store
The personal certificate store file, cert.pem. - Certificate truststore
The certificate truststore file, trust.pem. - Pass phrase stash file
The pass phrase stash file, Stash.sth. - Certificate revocation list file
The certificate revocation list file, crl.pem.
Parent topic: Work with SSL/TLS on HP Integrity NonStop Server