Private registry usage guide

Prior to using queue-based security, MQe-owned authenticatable entities must have credentials. This is achieved by completing the correct configuration so that auto-registration of queue managers is triggered. This requires the following steps:
  1. Set up and start an instance of the MQe mini-certificate issuance service.
  2. Using MQe_MiniCertificateServer, add the name of the queue manager as a valid authenticatable entity, and the entity's one-time-use certificate request PIN.
  3. Configure MQePrivateClient1.ini and MQePrivateServer1.ini so that when queue managers are created using SimpleCreateQM, auto-registration is triggered. This section explains which keywords are required in the registry section of the ini files, and where to use the entity's one-time-use certificate request PIN.

Prior to using message-level security to protect messages using MQeMTrustAttribute, the application must use private registry services to ensure that the initiating and recipient entities have credentials. This requires the following steps:

  1. Set up and start an instance of the MQe mini-certificate issuance service.
  2. Add the name of the application entity, and allocate the entity a one-time-use certificate request PIN.
  3. Use a program similar to the pseudo-code fragments below (C first, then Java) to trigger auto-registration of the application entity. This creates the entity's credentials and saves them in its private registry.

/* SIMPLE MQePrivateRegistry FRAGMENT (C) */
    MQePrivateRegistryHndl preg;
    MQERETURN rc;
    MQeExceptBlock exceptBlock;

    /* create and activate a PrivateRegistry; both calls take the
       address of the exception block declared above */
    rc = mqePrivateRegistry_new(&exceptBlock, &preg);
    rc = mqePrivateRegistry_activate(
             preg,
             &exceptBlock,
             MQeString("Bruce"),                       /* entity name                */
             MQeString(".\\MQeNode_PrivateRegistry"),  /* directory root             */
             MQeString("11111111"),                    /* private reg access PIN     */
             MQeString("It_is_a_secret"),              /* private credential keyseed */
             MQeString("12345678"),                    /* one-time-use Cert Req PIN  */
             MQeString("9.20.X.YYY:8082"));            /* addr and port MiniCertSvr  */

/* SIMPLE MQePrivateRegistry FRAGMENT (Java) */
    try
    {
        /* setup PrivateRegistry parameters */
        String EntityName      = "Bruce";
        String EntityPIN       = "11111111";
        Object KeyRingPassword = "It_is_a_secret";
        Object CertReqPIN      = "12345678";
        Object CAIPAddrPort    = "9.20.X.YYY:8082";

        /* instantiate and activate a Private Registry */
        MQePrivateRegistry preg = new MQePrivateRegistry( );
        preg.activate( EntityName,                    /* entity name                */
                       ".//MQeNode_PrivateRegistry",  /* directory root             */
                       EntityPIN,                     /* private reg access PIN     */
                       KeyRingPassword,               /* private credential keyseed */
                       CertReqPIN,                    /* one-time-use Cert Req PIN  */
                       CAIPAddrPort );                /* addr and port MiniCertSvr  */
        trace(">>> PrivateRegistry activated OK ...");
    }
    catch (Exception e)
    {
        e.printStackTrace( );
    }
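
The fragments above embed the registry access PIN, the key seed and the one-time-use certificate request PIN as string literals. As an added example (not part of the original guide or IBM's code), the Java variant below collects the three secrets from a non-echoing console prompt and passes them to the same activate call. The class name ActivateRegistry, the prompt helper, the command-line arguments, the import package com.ibm.mqe.registry and the use of java.io.Console (Java 6 or later, interactive session) are assumptions.

```java
import java.io.Console;
import com.ibm.mqe.registry.MQePrivateRegistry; // assumed package of the class used above

public class ActivateRegistry {

    /* Hypothetical helper: read one secret without echo, reject empty input. */
    static String prompt(Console con, String label) {
        char[] in = con.readPassword("%s: ", label);
        if (in == null || in.length == 0) {
            throw new IllegalArgumentException(label + " must not be empty");
        }
        return new String(in);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println(
                "usage: ActivateRegistry <entity> <registry-dir> <minicert-host:port>");
            System.exit(2);
        }
        Console con = System.console();
        if (con == null) {
            /* Refuse to fall back to an echoing or scripted source of secrets. */
            throw new IllegalStateException("no interactive console available");
        }

        /* The three secrets never appear in source, arguments or shell history. */
        String entityPIN       = prompt(con, "Private registry access PIN");
        Object keyRingPassword = prompt(con, "Private credential key seed");
        Object certReqPIN      = prompt(con, "One-time-use certificate request PIN");

        MQePrivateRegistry preg = new MQePrivateRegistry();
        preg.activate(args[0],          /* entity name                */
                      args[1],          /* directory root             */
                      entityPIN,        /* private reg access PIN     */
                      keyRingPassword,  /* private credential keyseed */
                      certReqPIN,       /* one-time-use Cert Req PIN  */
                      args[2]);         /* addr and port MiniCertSvr  */

        System.out.println("PrivateRegistry activated for " + args[0]);
    }
}
```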


(c) Copyright IBM Corporation 2004, 2005. All rights reserved.