You can revoke client and IBM MQ certificates in Self Service.
Before you begin
You must have the Organization
Administrator
role to revoke a certificate.
About this task
The IBM MQ certificates that you generate after the November 2020 release can be revoked. You can
use both the set of certificates but cannot revoke the IBM MQ certificates that are generated prior
to the November 2020 release. You must gradually migrate to the new IBM MQ certificates. For more
information, see Migrating MQ certificates.
Procedure
To revoke a certificate, complete the following steps.
-
Access Self Service with your
IBMid.
-
From the Self Service menu, click
Environments.
- From the list of environments, select an environment.
- In the Certificates tab, click
Inbound.
- Select the certificate type as Client certificates or
MQ certificates.
- Select a certificate that you want to revoke, and then click Revoke
certificate.
To revoke a certificate, you must enter your IBMid email address
to confirm your identity.
- If you revoke the IBM MQ certificates, click Apply changes.
In the
Apply IBM MQ certificate page, select the date and time at which you
want to start applying the certificates for your IBM MQ servers.
Note: If you select a date prior to
the current date, the process to apply changes is started immediately.
When you apply the IBM MQ certificates on the IBM MQ servers, the SSL enabled channels are cycled
and all IBM MQ clients need to reconnect. Therefore, you might want to schedule this action for a
low volume period of the day to minimize the impact of connections being reestablished.
When the change is scheduled, you can view it as a process in the queue. The following two
processes are run according to the schedule.
- The first process applies the new certificate to the truststore of IBM MQ.
- The second process refreshes the IBM MQ security and the channel bounces.
