• 1 reply
  • Latest Post - ‏2017-02-28T05:37:25Z by ErolG
2 Posts

Pinned topic Import 'personal' certificate

‏2017-02-22T03:44:57Z |

Dumb question.  Can I import/use an existing CA signed certificate which we have, or do I have to create the certificate request from within MQ for some reason?

I ask, because I'm getting errors using the externally sourced certificate (AMQ9654).  I read the following in an MQ doc: "The key repository must be the same repository where you created the certificate request."

I was really hoping to use an existing certificate we have used with other applications within our organization, rather than having to create a new one.

I have added the CA cert to the key repositories as well.  Testing with self signed certificates (created in MQ key repository), I have no issues.   

Thanks for your insights,



  • ErolG
    3 Posts

    Re: Import 'personal' certificate


    Hi Jeff,


    If you create a blank key store (kdb) using the keyman tooling you have the option of creating a certificate request or importing in your own personal certificate which may have been signed by a different CA under the personal certificates drop down in keyman. All relevant public keys are to be added into the signer certificates section of the keystore to allow for mutual authentication. Please make sure you create a stash file as part of your keystore creation (sth). Re-iterate the point that you don't need to create a self-signed key request to import in a CA signed personal certificate, just make sure your keystore is new and has no new self-signed requests you have created yourself just import the .cer .der personal certificate into your keystore.