[UNIX, Linux, Windows]

Using the strmqikm user interface

You can create a personal certificate by using the strmqikm (iKeyman) GUI.

About this task

strmqikm does not provide a FIPS-compliant option. If you need to manage TLS certificates in a way that is FIPS-compliant, use the runmqakm command.

Procedure

Complete the following steps to create a personal certificate for your queue manager or IBM® MQ MQI client by using the graphical user interface:

  1. Start the GUI by using the strmqikm command.
  2. From the Key Database File menu, click Open.
    The Open window displays.
  3. Click Key database type and select CMS (Certificate Management System).
  4. Click Browse to navigate to the directory that contains the key database files.
  5. Select the key database file from which you want to generate the request; for example, key.kdb.
  6. Click OK.
    The Password Prompt window opens.
  7. Type the password you set when you created the key database and click OK.
    The name of your key database file is shown in the File Name field.
  8. From the Create menu, click New Self-Signed Certificate. The Create New Self-Signed Certificate window is displayed.
  9. In the Key Label field, enter the certificate label.
    The label is either the value of the CERTLABL attribute, if it is set, or the default ibmwebspheremq with the name of the queue manager or IBM MQ MQI client logon user ID appended, all in lowercase. See Digital certificate labels for details.
  10. Type or select a value for any field in the Distinguished name field, or any of the Subject alternative name fields.
  11. For the remaining fields, either accept the default values, or type or select new values.
    For more information about Distinguished Names, see Distinguished Names.
  12. Click OK.
    The Personal Certificates list shows the label of the self-signed personal certificate you created.

What to do next

Submit a certificate request to a CA. See Receiving personal certificates into a key repository on UNIX, Linux, and Windows for further information.