amqccert (check certificate chains)

Purpose

The amqccert command applies to WebSphere MQ for Windows only.

The amqccert command is used during SSL Certificate Migration from WebSphere MQ for Windows Version 5.3, or Version 5.3.1. SSL Certificate Migration instructions are detailed in the WebSphere MQ Migration Information.

In this section when referring to a WebSphere MQ Certificate Store file, we are specifically referring to a WebSphere MQ for Windows Version 5.3, or Version 5.3.1, Certificate Store file.

To use amqccert you must be either an administrator or a member of the mqm group.

The amqccert control command is used to determine whether there are any incomplete certificate chains in a WebSphere MQ Certificate Store file. A report is generated that lists each incomplete certificate chain accompanied by information relating to the certificate chain.

Incomplete certificate chains must be completed before the SSL Certificate Migration process can continue. The following are available with WebSphere MQ for Windows Version 5.3, and Version 5.3.1, to help complete certificate chains:

Syntax

Read syntax diagramSkip visual syntax diagram>>-amqccert--FileName------------------------------------------><

Required parameters

FileName
Specifies is the absolute (rather than relative) directory path name and filename (excluding the .sto suffix) of a WebSphere MQ Certificate Store.

Examples

In the following example reports the term, Microsoft(R) Certificate Store, refers to a WebSphere MQ Certificate Store file.

amqccert C:\SSL\Client
Generates a report that details whether there are any incomplete certificate chains.

The following is an example of a report that details no incomplete certificate chains:

C:\ssl\client
5724-B41 (C) Copyright IBM Corp. 1994, 2005.  ALL RIGHTS RESERVED.
The number of certificates in the Microsoft Certificate Store 
                                           'c:\ssl\client' is '13'.

Certificate chain checking has completed with no failures.
The Check Certificate Chains (amqccert) command has completed.

The following is an example of a report the details two incomplete certificate chains:

C:\ssl\client
5724-B41 (C) Copyright IBM Corp. 1994, 2005.  ALL RIGHTS RESERVED.
The number of certificates in the Microsoft Certificate Store 
                                           'c:\ssl\client' is '13'.

The signer certificate 'GlobalSign Primary Class 1 CA' is missing for 
                                            the following certificate.
Microsoft Certificate Store: 'c:\ssl\client'.
Certificate Subject:         'GlobalSign PersonalSign Class 1 CA'.
Certificate Issuer:          'GlobalSign Primary Class 1 CA'.
Certificate Serial Number:   '0400 0000 0000 FA3D EEE9 D9'.
Certificate Valid From:      '22/01/2004' to '28/01/2009'.

The signer certificate 'GlobalSign PersonalSign Class 1 CA' is missing 
                                         for the following certificate.
Microsoft Certificate Store: 'c:\ssl\client'.
Certificate Subject:         'wm.shakespeare@hamlet.com'.
Certificate Issuer:          'GlobalSign PersonalSign Class 1 CA'.
Certificate Serial Number:   '0100 0000 0001 0170 978B 1E'.
Certificate Valid From:      '14/01/2005' to '14/02/2005'.

Certificate chain checking has completed with some failures.
The Check Certificate Chains (amqccert) command has completed.

Return codes

1 amqccert command usage error
2 User not authorized to run amqccert command
3 WebSphere MQ Certificate Store file not found
4 WebSphere MQ Certificate Store file is empty
5 WebSphere MQ Certificate Store file cannot be opened
6 No memory to allocate tables for storing root/intermediate certificates
7 Certificate is either an orphan or has expired
8 Windows operation failed

Related commands

amqtcert Transfer certificates