Adding the public part of a self-signed certificate

You can add the public part of a self-signed certificate to a queue manager by using the addcert command on the command line.

Before you begin

The certificate file that you want to add to the key repository must be on the appliance in the following location: mqpubcert:///. You can upload a file to this location by using the copy command. For more information, see Uploading certificates to the appliance.

About this task

You must add the public part of the certificate to the key repositories of any partners that communicate with the queue manager for which the certificate was created. For example, the partners might be IBM MQ clients, or other queue managers. If the partner queue manager is running on the IBM MQ Appliance, use the addcert command to add the public part of the certificate to the key repository of the queue manager.

Procedure

  1. Enter the IBM MQ administration mode by entering the following command:

    mqcli

  2. Add the public part of the self-signed certificate by entering the following command:

    addcert -m QMgrName -label Label -file FileName

    Where:
    QMgrName
    Specifies the name of the queue manager that you want to add the public part of a certificate to.
    Label
    Specifies the label that is associated with the certificate.
    FileName
    Specifies the file that contains the public part of the certificate.
    The file must be available on the appliance. The file must be located in mqpubcert://
    Note: You can specify a number of optional parameters when you add the public part of a certificate. For more information, see addcert (add certificate).
  3. Optional: Exit the IBM MQ administration mode by entering the following command:

    exit