Private registries

Some security properties, such as com.ibm.mqe.attributes.MQeWTLSCertAuthenticator, require an appropriate private registry where the entity's private/public keys can be found and, in some cases, the queue manager's public registry where foreign entities' public keys can be found. This is the case whenever a security attribute uses a public/private key based algorithm to perform encryption or authentication.

There are two types of private registry, queue manager owned and queue owned, and each private registry stores only its owner's security credentials. The queue manager's credentials, however, can be shared by the queues it owns. For this reason, if the com.ibm.mqe.attributes.MQeWTLSCertAuthenticator authenticator is used, an additional parameter, "target registry", must also be set on the queue attribute that the authenticator is attached to. This parameter determines which registry supplies the credentials for authentication, and can have the value "Queue manager" or "Queue".

If "Queue manager" is specified, the credentials used are those of the queue manager owning the queue, and come from the private registry of the queue manager. The queue manager originally obtains these credentials through auto-registration with the mini-certificate server. This option is the recommended default.

If "Queue" is specified, the credentials used are those of the queue itself, and come from the private registry of the queue. The queue originally obtains these credentials through auto-registration with the mini-certificate server as well.

See Mini-certificate issuance service for issues related to mini-certificate management.



(c) Copyright IBM Corporation 2004, 2005. All rights reserved.