On a server queue manager, you can create one or more authentication information objects. The attributes of an authentication object contain all the information that is needed to access an LDAP server that holds CRLs. One of the attributes specifies the host address or IP address of a system on which an LDAP server runs. This address can be followed by an optional port number enclosed in parentheses. The default port number is 389.
To enable a WebSphere MQ client to access LDAP servers that hold CRLs, the attributes of one or more authentication information objects can be included in a client channel definition table. This is done in the following ways:
The attributes of the authentication information objects identified by the namelist are referred to collectively here as the CRL information. When you set the queue manager attribute, SSLCRLNameList, to the name of the namelist, the CRL information is copied into the client channel definition table associated with the queue manager. If the client channel definition table can be accessed from a client system as a shared file, or if the client channel definition table is then copied to a client system, the WebSphere MQ client on that system can use the CRL information in the client channel definition table to access LDAP servers that hold CRLs.
If the CRL information of the queue manager is changed subsequently, the change is reflected in the client channel definition table associated with the queue manager. If the queue manager attribute, SSLCRLNameList, is set to blank, all the CRL information is removed from the client channel definition table. These changes are not reflected in any copy of the table on a client system.
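The server-side setup described above, written as MQSC commands. This is an added example, not part of the original documentation; the object names (CRL.LDAP.PRIMARY, CRL.LDAP.BACKUP, CRL.SERVERS), the host name and the IP address are constructed placeholders, and the LDAP servers are assumed to accept an anonymous bind.

```mqsc
* Added example: object names, host name and IP address are constructed.
* Authentication information object pointing at an LDAP server that
* holds CRLs. No port is given, so the default port 389 is used.
DEFINE AUTHINFO(CRL.LDAP.PRIMARY) +
       AUTHTYPE(CRLLDAP) +
       CONNAME('ldap1.example.com') +
       REPLACE

* Second LDAP server, addressed by IP address with an explicit port
* number enclosed in parentheses.
DEFINE AUTHINFO(CRL.LDAP.BACKUP) +
       AUTHTYPE(CRLLDAP) +
       CONNAME('192.0.2.10(1389)') +
       REPLACE

* Namelist that identifies the authentication information objects.
DEFINE NAMELIST(CRL.SERVERS) +
       NAMES(CRL.LDAP.PRIMARY, CRL.LDAP.BACKUP) +
       REPLACE

* Set the queue manager attribute SSLCRLNameList (SSLCRLNL in MQSC).
* The CRL information is then copied into the client channel
* definition table associated with this queue manager.
ALTER QMGR SSLCRLNL(CRL.SERVERS)

* Confirm the setting.
DISPLAY QMGR SSLCRLNL

* To remove all CRL information from the table again, set the
* attribute to blank:
*   ALTER QMGR SSLCRLNL(' ')
```

After any of these changes, copies of the client channel definition table already held on client systems still contain the old CRL information and must be copied again.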
If you require the CRL information at the client and server ends of an MQI channel to be different, and the server queue manager is the one that is used to create the CRL information, you can do the following:
The contents of a client channel definition table generated on z/OS do not depend on the value of any queue manager attributes, such as SSLCRLNameList, and cannot be updated dynamically. The only way you can change the CRL information in a client channel definition table is to generate a new table by running CSQUTIL again.