recreatecertrequest (re-create certificate request)

Re-create a certificate request for a specific queue manager.

Purpose

You can use the recreatecertrequest command to re-create a certificate request. The certificate request can then be sent to a CA to be renewed.

Syntax

Read syntax diagramSkip visual syntax diagram recreatecertrequest -m QMgrName -labelLabel-sig_algHashAlgorithm-ku Usage-eku Usage-san_dnsname DNSNames-san_ipaddrIPAddresses

Parameters

-m QMgrName
Specifies the name of the queue manager for which the certificate request is re-created.
The queue manager must exist.
-label Label
Specifies the label that is associated with the certificate request.
The default value is ibmwebspheremqQMgrName, where QMgrName is the name of the queue manager in lowercase.
-sig_alg HashAlgorithm
Specifies the signing algorithm that is used to create the signature that is associated with the new certificate.
HashAlgorithm can be one of the following values:

md5, MD5_WITH_RSA, MD5WithRSA, SHA_WITH_DSA, SHA_WITH_RSA, sha1, SHA1WithDSA, SHA1WithECDSA, SHA1WithRSA, sha224, SHA224_WITH_RSA, SHA22WithRSA, SHA224WithECDSA, SHA224WithRSA, sha256, SHA256_WITH_RSA, SHA256WithRSA, SHA256WithECDSA, SHA256WithRSA, , sha384, SHA384_WITH_RSA, SHA384WithECDSA, SHA384WithRSA, sha512, SHA512_WITH_RSA, SHA512WithECDSA, SHA512WithRSA, SHAWithDSA, SHAWithRSA , EC_ecdsa_with_SHA1, EC_ecdsa_with_SHA224, EC_ecdsa_with_SHA256, EC_ecdsa_with_SHA384, or EC_ecdsa_with_SHA512.

sha3_256, SHA3_256WithRSA, sha3_384, SHA3_384WithRSA, sha3_512, SHA3_512WithRSA, SHA3_256WithRSASSAPSS, SHA3_384WithRSASSAPSS, SHA3_512WithRSASSAPSS, SHA3_256WithECDSA, SHA3_384WithECDSA, SHA3_512WithECDSA, RSASSAPSS, SHA256WithRSASSAPSS, SHA384WithRSASSAPSS, SHA512WithRSASSAPSS.

The default value is SHA256WithRSA.
-ku Usage
Specifies a list of valid uses for the certificate.
To specify more than one use, enter each value in a comma-separated list.
-eku Usage
Specifies a list of valid uses for the certificate.
To specify more than one use, enter each value in a comma-separated list.
-san_dnsname DNSNames
Specifies the Subject Alternative Name (SAN) DNS names for the certificate that is created.
To specify more than one DNS name, enter each value in a comma-separated list.
-san_ipaddr IPAddresses
Specifies the Subject Alternative Name (SAN) IP addresses for the certificate that is created.
To specify more than one IP address, enter each value in a comma-separated list.

Usage notes

  • This command must be run from the IBM® MQ administration mode. If the system is in the IBM MQ administration mode the prompt includes mq. To enter the IBM MQ administration mode, enter mqcli on the command line. To exit the IBM MQ administration mode, enter exit on the command line.

Examples

  • The following command re-creates a certificate request for the queue manager QM1 : 
    recreatecertrequest -m QM1

Related commands