Did you know that you can view your queue manager's personal certificate simply by using your browser?
When you set up SSL, any time the certificate keystore is altered in any way, the queue manager's cache must be updated. This is done by either restarting the queue manager, or by running the mqsc command:
REFRESH SECURITY TYPE(SSL)
If you forget the use the TYPE parameter, the SSL cache is not updated for the queue manager will not be aware of the changes made to the keystore.
When it comes time to renew or replace your certificate, you might want to confirm that the new certificate is being used by the queue manager rather than the old one.
Here you will find simple instructions for viewing the certificate your queue manager has loaded into its cache using Firefox:
1. Open your browser and in the address bar, enter the url to your queue manager host and port, using the HTTPS protocol as in the following example:
2. You may receive an exception warning you about the certificate if your browser cannot validate the certificate, however, choose accept the exception in order for the browser to continue to secure the connection.
If you have installed the root and intermediary certificates on the client machine you are testing from, the exception message may not appear.
Proceed to the next step.
3. Next, you will get the following error message on the browser screen:
4. You will notice in the address bar, a padlock symbol. Click the symbol to see details about the secure session. The results will look like this:
Click the "More Information" button to see technical details about the connection and certificate:
Now you can click the "View Certificate" button to see the details including validity dates of your queue manager's certificate:
And that's it! You can use similar instructions with any browser to check your queue manager's personal certificate.