An SSL connection requires a key repository at each end of the connection. Each queue manager must have access to a key repository. Use the SSLKEYR parameter on the ALTER QMGR command to associate a key repository with a queue manager. See The SSL key repository for more information.
On z/OS, digital certificates are stored in a key ring that is managed by your External Security Manager (ESM). These digital certificates have labels, which associate the certificate with a queue manager. SSL uses these certificates for authentication purposes. All the examples that follow use RACF(R) commands. Equivalent commands exist for other ESM programs.
On z/OS(R), WebSphere MQ uses the ibmWebSphereMQ prefix on a label to avoid confusion with certificates for other products. The prefix is followed by the name of the queue manager.
The key repository name for a queue manager is the name of a key ring in your RACF database. You can specify the key ring name either before or after creating the key ring.
Use the following procedure to create a new key ring for a queue manager:
RACDCERT ID(userid1) ADDRING(ring-name)
where:
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
c00stsz1 |