Using iKeyman, iKeycmd, runmqakm, and runmqckm

On UNIX, Linux® and Windows systems, manage keys and digital certificates with the iKeyman GUI or from the command line using iKeycmd or runmqakm.

  • For UNIX and Linux systems:
    • Use the strmqikm command to start the iKeyman GUI.
    • Use the runmqckm command to perform tasks with the iKeycmd command line interface.
    • Use the runmqakm command to perform tasks with the runmqakm command line interface. The command syntax for runmqakm is the same as the syntax for runmqckm.

      If you need to manage SSL certificates in a way that is FIPS compliant, use the runmqakm command instead of the runmqckm or strmqikm commands.

    See Managing keys and certificates for a full description of the command line interfaces for the runmqckm and runmqakm commands.

    If you are using certificates or keys stored on PKCS #11 cryptographic hardware, note that iKeycmd and iKeyman are 64-bit programs. External modules required for PKCS #11 support will be loaded into a 64-bit process, therefore you must have a 64-bit PKCS #11 library installed for the administration of cryptographic hardware. The Windows and Linux x86 32-bit platforms are the only exceptions, as the iKeyman and iKeycmd programs are 32-bit on those platforms.

    On the following platforms, where the JRE was 32 bit in earlier versions of the product, but is 64 bit only in IBM® WebSphere® MQ Version 7.5, you might need to install additional PKCS#11 drivers appropriate for the addressing mode of the iKeyman and iKeycmd JRE. This is because the PKCS#11 driver must use the same addressing mode as the JRE. The following table shows the IBM WebSphere MQ Version 7.5 JRE addressing modes.
    Table 1. IBM WebSphere MQ Version 7.5 JRE addressing modes
    Platform JRE Addressing Mode
    Windows (32 bit or 64 bit) 32
    Linux for System x 32 bit 32
    Linux for System x 64 bit 64
    Linux for System p 64
    Linux for System z 64
    HP-UX 64
    Solaris Sparc 64
    Solaris x86-64 64
    AIX® 64
    Before you run the strmqikm command to start the iKeyman GUI, ensure you are working on a machine that is able to run the X Window System and that you do the following:
    • Set the DISPLAY environment variable, for example: 
      
export DISPLAY=mypc:0
    • Ensure that your PATH environment variable contains /usr/bin and /bin. This is also required for the runmqckm and runmqakm commands. For example: 
      export PATH=$PATH:/usr/bin:/bin
  • For Windows systems:
    • Use the strmqikm command to start the iKeyman GUI.
    • Use the runmqckm command to perform tasks with the iKeycmd command line interface.

      If you need to manage SSL certificates in a way that is FIPS compliant, use the runmqakm command instead of the runmqckm or strmqikm commands.

To request SSL tracing on UNIX, Linux or Windows systems, see strmqtrc.