This book uses the general term key repository to describe the store for digital certificates and their associated private keys. The specific store names used on the platforms that support SSL are:
| Platform | Key repository name |
|---|---|
| i5/OS(TM) | certificate store |
| Windows(R) and UNIX(R) | key database file |
| z/OS(R) | key ring |
For more information, refer to Digital certificates and Secure Sockets Layer (SSL) concepts.
A fully authenticated SSL connection requires a key repository at each end of the connection. The key repository contains:
The location of the key repository depends on the platform you are using:
Alternatively, you can specify that the i5/OS system certificate store is to be used instead. To do this, change the value of the queue manager's SSLKEYR attribute to *SYSTEM. This value indicates that the queue manager uses the system certificate store, and the queue manager is registered for use as an application with Digital Certificate Manager (DCM).
On i5/OS the certificate store also contains the private key for the queue manager.
For more information, see Working with a key repository.
On Windows and UNIX systems, each key database file has an associated password stash file. This file holds encrypted passwords that allow programs to access the key database. The password stash file must be in the same directory and have the same file stem as the key database, and must end with the suffix .sth, for example /var/mqm/qmgrs/QM1/ssl/key.sth.
On Windows and UNIX systems, the key database also contains the private key for the personal certificate associated with the queue manager or WebSphere MQ client.
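The following shell function is an added example, not part of the original documentation. It checks on a UNIX system that a key database has a stash file in the same directory with the same stem and the .sth suffix, and that neither file is accessible to other users. The function name, the return codes, the key.kdb file name in the usage comment and the world-access policy are assumptions of this example; the policy follows from the key database holding the private key and the stash file holding the passwords that open it.

```shell
#!/bin/sh
# check_key_repository KEYDB   (hypothetical helper, not an MQ command)
#   KEYDB is the path of the key database file, for example
#   /var/mqm/qmgrs/QM1/ssl/key.kdb (file name assumed for illustration).
# Returns: 0 = pair present and not world-accessible
#          1 = key database missing
#          2 = stash file missing
#          3 = key database or stash file accessible to "other"
check_key_repository() {
    kdb=$1
    dir=$(dirname "$kdb")
    base=$(basename "$kdb")

    # Strip the extension from the file name only, so that a dot in a
    # directory name (for example /tmp/tmp.abc/key) is never cut.
    case $base in
        *.*) stem=${base%.*} ;;
        *)   stem=$base ;;
    esac

    # Rule from the text: same directory, same stem, suffix .sth.
    sth="$dir/$stem.sth"

    [ -f "$kdb" ] || { echo "missing key database: $kdb" >&2; return 1; }
    [ -f "$sth" ] || { echo "missing stash file: $sth" >&2; return 2; }

    for f in "$kdb" "$sth"; do
        # Characters 8-10 of the ls -l mode string are the "other" bits.
        other=$(ls -ld "$f" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "accessible to other users ($other): $f" >&2
            return 3
        fi
    done
    return 0
}
```
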
Other external security managers (ESMs) also use key rings for storing certificates.
On z/OS, private keys are managed by RACF.