Next-generation platform

Downloading inbound certificates

After you generate client and IBM MQ certificates, you can download these certificates from Self Service. You can then use these certificates for authentication to access the Sterling™ Order Management System application or IBM MQ servers.

Before you begin

You must have the Organization Administrator or the Developer role to download certificates.

Procedure

To download a certificate and then use it for authentication, complete the following steps.

  1. Access Self Service with your IBMid.
  2. From the Self Service menu, click Environments.
  3. From the list of environments, select an environment.
  4. In the Certificates tab, click Inbound.
  5. Select the certificate type as Client certificates or MQ certificates.
  6. Select a certificate and then click Download certificate.
  7. In the Download certificate page, enter the password for the .p12 certificate.
    The .p12 file is downloaded on your local machine.
    Note:

    By default, you can download client and MQ certificates multiple times, if required. However, if you want to restrict the option to download these certificates only once, an Organization Administrator can set the organization preference. For more information about the preference setting, see Configuring certificate download preference. When this configuration is enabled, after a certificate is downloaded, the private key of the certificate is deleted from the IBM system and the Download certificate option is disabled for subsequent downloads.

    The .p12 files that are downloaded are temporary files. If the Download certificate option is enabled for repeated downloads, it is recommended that you delete the file from your local machine after you import the .p12 file into your browser. If you need a copy of the .p12 file, you can download it again from Self Service.

    If you need the .p12 file repeatedly, it is recommended that you change the password for the file at regular intervals. One of the ways to change the password is to use the keytool command that is provided with the Java installation. For example, use the following command to create a new .p12 file with a new password:
    keytool -importkeystore -srckeystore <src p12 file> -srcstoretype PKCS12 -destkeystore <new p12 file> -destkeypass <new password> -deststorepass <new password> -deststoretype PKCS12
    where, value for the <new password> is the same for both instances.

    You can then delete the old file.

    For more information, see Accessing IBM Sterling Order Management System applications.