![[UNIX, Linux, Windows]](ngulw.gif)
Configuring for cryptographic hardware on UNIX, Linux, and Windows
You can configure cryptographic hardware for a queue manager or client in a number of ways.
You can configure cryptographic hardware for a queue manager on UNIX, Linux®, and Windows using either of the following methods:
- Use the ALTER QMGR MQSC command with the SSLCRYP parameter, as described in ALTER QMGR.
- Use IBM® MQ Explorer to configure the cryptographic hardware on your UNIX, Linux or Windows system. For more information, refer to the online help.
You can configure cryptographic hardware for an IBM MQ client on UNIX, Linux, and Windows using either of the following methods:
- Set the MQSSLCRYP environment variable. The permitted values for MQSSLCRYP are the same as for
the SSLCRYP parameter, as described in ALTER QMGR.
If you use the GSK_PKCS11 version of the SSLCRYP parameter, the PKCS #11 token label must match the label you configured your hardware with.
- Set the CryptoHardware field of the SSL configuration options structure, MQSCO, on an MQCONNX call. For more information, see Overview for MQSCO.
If you have configured cryptographic hardware which uses the PKCS #11 interface using any of these methods, you must store the personal certificate for use on your channels in the key database file for the cryptographic token you have configured. This is described in Managing certificates on PKCS #11 hardware.