When you create a key database, no personal certificates are provided. However, you need a personal certificate before you can run an SSL channel. A self-signed personal certificate can be used to run SSL channels for the purposes of testing SSL communications. These certificates can be created on either a WebSphere(R) MQ queue manager or WebSphere MQ client system.
Use the following procedure to obtain a self-signed certificate for your queue manager or WebSphere MQ client:
Use the following commands to create a self-signed personal certificate using iKeycmd:
gsk7cmd -cert -create -db filename -pw password -label label -dn distinguished_name -size key_size -x509version version -expire days
runmqckm -cert -create -db filename -pw password -label label -dn distinguished_name -size key_size -x509version version -expire days
where:
-db filename | is the fully qualified file name of a CMS key database. |
-pw password | is the password for the CMS key database. |
-label label | is the key label attached to the certificate. |
-dn distinguished_name | is the X.500 distinguished name enclosed in double quotes. Note that only the CN, O, and C attributes are required, and that you can supply only one OU attribute. |
-size key_size | is the key size. The value can be 512 or 1024. |
-x509version version | is the version of X.509 certificate to create. The value can be 1, 2, or 3. The default is 3. |
-expire days | is the expiration time in days of the certificate. The default is 365 days for a certificate. |
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
su3create |