Creating a new certificate store
You create a new certificate store only if you do not want to use the i5/OS(TM)
default certificate store.
You can specify that the i5/OS system certificate store is to be used
by changing the value of the queue manager's SSLKEYR attribute to *SYSTEM.
This value indicates that the queue manager will use the system certificate
store, and the queue manager is registered for use as an application with
Digital Certificate Manager (DCM).
Use the following procedure to create a new certificate store for a queue
manager:
- Access the DCM interface, as described in Accessing DCM.
- In the navigation panel, click Create New Certificate
Store. The Create New Certificate Store page displays in the task frame.
- In the task frame, select the Other System Certificate
Store radio button. Click Continue. The Create
a Certificate in New Certificate Store page displays in the task frame.
- Select the No - Do not create a certificate in the certificate
store radio button. Click Continue. The Certificate
Store Name and Password page displays in the task frame.
- In the Certificate store path and filename field,
type an IFS path and filename, for example /QIBM/UserData/mqm/qmgrs/qm1/key.kdb
-
Type a password in the Password field
and type it again in the Confirm Password field. Click Continue. A window displays, containing a list of the CA
certificates that are pre-installed in the certificate store. This list includes
the certificate for the local CA, if you have created one. Make
a note of the password (which is case sensitive) because you will need it
when you stash the repository key.
- To exit from DCM, close your browser window.
When you have created the certificate store using DCM, ensure you stash
the password, as described in Stashing the certificate store password.