[AIX, Linux, Windows]

Managing keys and certificates on AIX, Linux, and Windows

On AIX®, Linux®, and Windows, use the runmqckm and runmqakm commands to manage keys, certificates, and certificate requests.

The runmqckm and runmqakm commands provide functions that are similar to those of iKeyman, described in Securing IBM MQ. To use these commands, ensure that the systems environment variables are correctly configured. For primary installations of IBM WebSphere® MQ 7.1, or later, you can run the setmqinst command.

The runmqckm command requires the IBM MQ JRE component to be installed. If this component is not installed you can use the runmqakm command instead.

If you need to manage TLS certificates in a way that is FIPS compliant, use the runmqakm command instead of the runmqckm command. This is because the runmqakm command supports stronger encryption.

Use the runmqckm and runmqakm commands to do the following:
  • Create the type of CMS key database files that IBM MQ requires
  • Create certificate requests
  • Import personal certificates
  • Import CA certificates
  • Manage self-signed certificates