Receiving a CA-signed certificate

You can receive a CA-signed certificate into the key repository of a queue manager by using the receivecert command on the command line.

Before you begin

The certificate file that you want to receive must be on the appliance in the following location: mqpubcert:///. You can upload a file to this location by using the copy command. For more information, see Uploading certificates to the appliance.

About this task

After you receive the signed certificate from the certificate authority, you must add the certificate to the key repository of the queue manager for which it was signed. You can add the certificate to the key repository by using the receivecert command.

Procedure

  1. Enter the IBM MQ administration mode by entering the following command:

    mqcli

  2. Receive the certificate by entering the following command:

    receivecert -m QMgrName -file FileName

    Where:
    QMgrName
    Specifies the name of the queue manager for which you want to receive the certificate.
    FileName
    Specifies the name of the file that contains the certificate.
    The file must be available on the appliance. The file must be located in mqpubcert:///
    Note: You can specify a number of optional parameters when you receive a certificate. For more information, see receivecert (receive certificate).
  3. Optional: Exit the IBM MQ administration mode by entering the following command:

    exit

What to do next

After the certificate is received, you must add the CA certificate that signed the CA-signed certificate to the key repository of any communicating partners. For example, you can add the public part of the certificate to IBM MQ clients or to other queue managers. You can add the CA certificate to other queue managers on the IBM MQ Appliance by using the addcert command. For more information, see Adding a CA certificate.