Certificate management

MQe can use private or public key encryption for message-level security, using the MQeMTrustAttribute, and for queue-based security, using the MQeWTLSCertAuthenticator. Any entity that needs private and public keys (for example, a queue manager, queue, application, or person) must have a private registry. When the registry is initialized, it generates and stores the keys if the associated information is supplied.

The private key is encrypted and stored directly in the registry. The public key is sent to the certificate server, which returns a public certificate containing the public key, and the registry stores the certificate. For message-level security, the certificates must also be copied to public registries so that they are available to other entities that need them. This is not required for queue-based security.

The certificate server normally issues certificates that are valid for 12 months. Certificates cannot be used once they have expired, so it is important to keep track of the expiry dates and to renew the certificates before they expire.



(c) Copyright IBM Corporation 2004, 2005. All rights reserved.