Configuring queue manager security

This section shows how to configure a queue manager and a private registry with security features.

Setting up the queue manager

In order to configure a queue manager's private registry, which can be shared by its' queues, do the following:

  1. When starting the queue manager, present the private registry logon PIN. If autoregistration with a mini-certificate server is required, the CertReqPIN, KeyRingPassword, and CAIPAddrPort parameters must also be presented, on opening the registry.
  2. The mini-certificate server is running if autoregistration is required.

Setting up a private registry

A private registry is relevant only if one of the queue-attribute properties prerequisites it. In order to establish a queue manager private registry, which can be shared by its' queues, the following conditions must be met:

  1. The owning queue manager must itself have a registry of type private registry.
  2. The owning queue manager must have previously auto-registered with the mini-certificate server. This must have been primed to allow queue registry before the queue private registry can be established. if auto registration with a mini-certificate server is required.
  3. In starting the queue manager, the queue manager private registry logon PIN, CertReqPIN, KeyRingPassword, and CAIPAddrPort were passed whilst opening the registry. If a CertReqPIN different from the queue manager's is used for the queue, it is currently necessary to first shutdown the owning queue manager, replace the original CertReqPIN with the new one, and then start the queue manager again. Auto-registration will then be triggered using the new CertReqPIN when the queue private registry is activated first time.
  4. The mini-certificate server is running, if autoregistration with the mini-certificate server is required.

If queue private registry (instead of the queue manager's) is required, for example, the target registry property of the queue has been set to "Queue" for com.ibm.mqe.attributes.MQeWTLSCertAuthenticator.

Due to the intensity of numerical computation involved, auto-registration may take 10-20 minutes on a handheld device.


Terms of use | WebSphere software

(c) Copyright IBM Corporation 2004, 2005. All rights reserved.