IBM MQ SSL Client utility (amqrsslc) for IBM i
The IBM® MQ SSL Client utility (amqrsslc) for IBM i is used by the IBM MQ MQI client on IBM i systems to register or unregister the client user profile, or to stash the certificate store password. The utility can be run only by a user whose profile has *ALLOBJ special authority, or by a member of QMQMADM that has options to create or delete application registrations in the Digital Certificate Manager (DCM).
Register the client user profile
If the IBM MQ MQI client is using the *SYSTEM certificate store, you must register the client user profile (logon user) for use as an application with Digital Certificate Manager (DCM).
CALL PGM(QMQM/AMQRSSLC) PARM('-r' UserProfile)
CALL PGM(QMQM/AMQRSSLC) PARM('-r')
Unregister the client user profile
To unregister the client profile, run the amqrsslc program with the -u option with UserProfile. The user profile used when calling amqrsslc must have *USE authority. Providing the UserProfile with the -u option unregisters UserProfile with label QIBM_WEBSPHERE_MQ_UserProfile from the DCM.
CALL PGM(QMQM/AMQRSSLC) PARM('-u' UserProfile)
CALL PGM(QMQM/AMQRSSLC) PARM('-u')
Stash the certificate store password
If the IBM MQ MQI client is not using the *SYSTEM certificate store and is using another certificate store (that is, MQSSLKEYR is set to a value other than *SYSTEM), the password of the key database can be stashed so that the client application does not need to specify it when it runs.
Use the -s option to stash the password of the key database. Specify the full path and name of the key database. If the file extension is not supplied, it is assumed to be .kdb.
CALL PGM(QMQM/AMQRSSLC) PARM('-s' '/Path/Of/KeyDatabase/MyKey')
Running this command prompts for the password of the key database. The password is stashed in a file with the same name as the key database, with an .sth extension.
Additionally, you can specify the initial key that is used to encrypt the password. Store the initial key in a file as a single line of text, and supply the location of that file to the program through the -sf flag. If no initial key file is supplied, a default key is used to encrypt the password.
The stash file is stored on the same path as the key database. The code example generates a stash file of /Path/Of/KeyDatabase/MyKey.sth.
QMQM is the user owner and QMQMADM is the group owner of this file. QMQM and QMQMADM have read and write permission, and other profiles have only read permission.
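A check for the ownership and permissions described above, as an added example that is not part of the IBM documentation: it derives the stash file path from the key database path and compares the file's owner, group and mode with the values this page states. It assumes a Python 3 interpreter with POSIX pwd and grp support on the system that holds the key database; the function names are hypothetical.

```python
import grp
import os
import pwd
import stat

# Values the page states for the stash file.
EXPECTED_OWNER = "QMQM"
EXPECTED_GROUP = "QMQMADM"
EXPECTED_MODE = 0o664  # owner rw, group rw, other profiles r


def stash_path_for(key_database):
    """Same path and name as the key database, with an .sth extension."""
    # Assumption: any extension supplied on the key database name is replaced.
    base, _ext = os.path.splitext(key_database)
    return base + ".sth"


def _name(lookup, ident):
    """Resolve a uid or gid to a name; fall back to the number if unknown."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def audit_stash(key_database):
    """Return (stash_path, findings); a finding is (field, actual, expected)."""
    path = stash_path_for(key_database)
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return path, [("exists", False, True)]
    findings = []
    owner = _name(pwd.getpwuid, st.st_uid)
    group = _name(grp.getgrgid, st.st_gid)
    mode = stat.S_IMODE(st.st_mode)
    # Assumption: profile names may be reported in either case, so compare
    # case-insensitively.
    if owner.upper() != EXPECTED_OWNER:
        findings.append(("owner", owner, EXPECTED_OWNER))
    if group.upper() != EXPECTED_GROUP:
        findings.append(("group", group, EXPECTED_GROUP))
    if mode != EXPECTED_MODE:
        findings.append(("mode", oct(mode), oct(EXPECTED_MODE)))
    return path, findings
```

An empty findings list means the stash file matches the documented owner, group and permissions; any entry names the field that differs and shows the observed and documented values.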