Follow this procedure to create a certificate signed by your local certificate authority
(CA), or to apply for a server certificate signed by a commercial CA for import into a key
repository on other platforms.
About this task
A user certificate must be used when the Digital Certificate Manager (DCM) serves as the
certificate manager for IBM® MQ on multiple platforms. For
personal certificates that are distributed to other platforms and imported into a key repository,
perform the following steps in a web browser:
Procedure
-
Access the DCM interface, as described in Accessing DCM.
-
In the navigation pane, click Create
Certificate.
The Create Certificate page is displayed in the task frame.
-
On the Create Certificate panel, select the User
certificate radio button and click Continue.
The Create User Certificate page is displayed.
-
On the Create User Certificate panel, complete the required fields under
Certificate Information for Organization name, State
or province, Country or region.
Optionally, put values in the Organization unit and
Locality or city fields. Click
Continue.
The Common name is automatically set to the user ID with which you are
logged on to the iSeries system.
-
On the next Create User Certificate panel, click Install
certificate and click Continue.
A message is displayed stating, Your personal certificate has been installed. You
should keep a backup copy of this certificate.
-
Click OK.
-
Depending on the web browser that you used to access DCM, complete one of the following
steps:
- For Microsoft Edge choose:
Tools>Internet Options>Content tab>Certificates button>Personal tab>. Select
the certificate and click Export.
- For Mozilla Firefox choose: Tools>Options>Advanced>Encryption tab>View
Certificates button>Your Certificates tab>. Select the certificate and click
Backup. Select the path and filename and click
OK.
-
Transfer the exported certificate to the remote system using FTP in binary format.
-
Import the certificate that was exported in step 7 to the key
repository on the remote system.
During the import, ensure that the label name of the personal certificate and the
signer certificate are changed to the value that
IBM MQ
expects. The label must be either the value of the
IBM MQ
queue manager
CERTLABL attribute, if it is set, or the default value of
ibmwebspheremq
with the name of the queue manager appended, all in lowercase. For
more information, see
Digital certificate
labels.