You can add a CA certificate to a queue manager by using the addcert
command on the command line.
Before you begin
The certificate file that you want to add to the key repository must be on the appliance
in the following location: mqpubcert:///. You can upload a file to this
location by using the copy command. For more information, see Uploading certificates to the appliance.
About this task
Any partners that communicate with the queue managers must have a copy of the CA
certificate of the CA that signed the certificate of the queue manager. For example, the partners
might be IBM MQ clients, or other queue managers.
If the partner queue manager is running on the IBM MQ Appliance, use the addcert
command to add the public part of the certificate to the key repository of the queue
manager.
Procedure
-
Enter the IBM MQ administration mode by
entering the following command:
-
Add the CA certificate by entering the following command:
addcert -m QMgrName -label Label -file
FileName
Where:
- QMgrName
- Specifies the name of the queue manager that you want to add the certificate to.
- Label
- Specifies the label that is associated with the certificate.
- For more information about valid syntax for the certificate label, see https://www.ibm.com/docs/SSFKSJ_9.4.0/secure/q014340_.html in the IBM MQ documentation.
- FileName
- Specifies the file that contains the certificate.
- The file must be available on the appliance. The file must be located in
mqpubcert:///
Note: You can specify a number of optional parameters when you add the certificate. For more
information, see
addcert (add certificate).
- Optional:
Exit the IBM MQ administration mode by
entering the following command: