Certificate requirements for AMS
Certificates must have an RSA public key in order to be used with Advanced Message Security.
For more information about different public key types and how to create them, see Digital certificates and CipherSpec compatibility in IBM MQ.
Key usage extensions
Key usage extensions place additional restrictions on the way a certificate can be used.
In IBM MQ Advanced Message Security,
the key usage must be set as following: for certificates in X.509 V3 or later standard that are used
for the quality of protection integrity, if the key usage extensions are set, they must include at
least one of the two:
For the quality of protection privacy, if the key usage extensions are set, they must also
include the keyEncipherment extension. - nonRepudiation
- digitalSignature