Using certificates for the managed .NET client

For client certificates, the IBM® MQ managed .NET client accesses the Windows keystore and loads all of the client's certificates that are matched either by certificate label or matched by the string.

When selecting a certificate to use, the IBM MQ managed .NET client always uses the first matching certificate for the SSLStream TLS handshake.

Matching certificates by certificate label

If you set the certificate label, the IBM MQ managed .NET client searches the Windows certificate store with the given label name to identify the client certificate. It loads all matching certificates and uses the first certificate on the list. There are two options for setting the certificate label:
  • The certificate label can set on the MQEnvironment class accessing MQEnvironment.CertificateLabel.
  • The certificate label can also be set in a hash table properties, supplied as input parameter with MQQueueManager constructor as shown in the following example.
    Hashtable properties = new Hashtable();
    properties.Add("CertificateLabel", "mycert");
    The name("CertificateLabel") and the value are case sensitive.

Matching certificates by string

If certificate label is not set, then the certificate that matches the string "ibmwebspheremq" and the current logged on user (in lowercase) is searched for and used.