[AIX, Linux, Windows]

Adding default CA certificates into an empty key repository on AIX®, Linux®, and Windows

Follow this procedure to add one or more of the default certificate authority (CA) certificates to an empty key repository.

When you create a new key repository, it is empty. You can add default CA certificates to a key repository by using the runmqakm command.

Using runmqakm

Issue the following command to add default CA certificates to a key repository with the runmqakm command:
runmqakm -cert -populate -db filename -pw password
where:
-db filename
Specifies the fully qualified file name of the key repository.
-pw password
Specifies the password for the key repository.
Note: IBM® MQ trusts all certificates that are signed by the CA certificates in your key repository. Consider carefully which certificate authorities you want to trust and add only the CA certificates that are needed to authenticate your clients and queue managers. It is not recommended to add the full set of default CA certificates to a key repository.