Setting up a key repository

An SSL connection requires a key repository at each end of the connection. Each queue manager must have access to a key repository. See The SSL key repository for more information.

On i5/OS(TM), digital certificates are stored in a certificate store that is managed with DCM. These digital certificates have labels, which associate a certificate with a queue manager. SSL uses the certificates for authentication purposes.

The queue manager certificate store name comprises a path and stem name. The default path is /QIBM/UserData/ICSS/Cert/Server/ and the default stem name is Default. On i5/OS, the default certificate store, /QIBM/UserData/ICSS/Cert/Server/Default.kdb, is also known as *SYSTEM. Optionally, you can choose your own path and stem name.

Working with a key repository tells you about checking and specifying the certificate store name. You can specify the certificate store name either before or after creating the certificate store.

Note:
The operations you can perform with DCM might be limited by the authority of your user profile. For example, you require *ALLOBJ and *SECADM authorities to create a CA certificate.