Adding default CA certificates into an empty key repository on AIX®, Linux®, and Windows
Follow this procedure to add one or more of the default certificate authority (CA) certificates to an empty key repository.
When you create a new key repository, it is empty. You can add default CA certificates to a key repository by using the runmqakm command.
Using runmqakm
Issue the following command to add default CA certificates to a key repository with the
runmqakm
command:
runmqakm -cert -populate -db filename -pw password
where:- -db filename
- Specifies the fully qualified file name of the key repository.
- -pw password
- Specifies the password for the key repository.
Note: IBM® MQ trusts all certificates that are
signed by the CA certificates in your key repository. Consider carefully which certificate
authorities you want to trust and add only the CA certificates that are needed to authenticate your
clients and queue managers. It is not recommended to add the full set of default CA certificates to
a key repository.