Previous Topic: Change the Message Queue Administrator PasswordNext Topic: Change the Password for the Message Queue SSL Keystore


Change the Message Queue Server Certificate

The Message Queue uses the server certificate for SSL communication between the Message Queue and its clients. The Message Queue clients are CA ControlMinder endpoints and CA ControlMinder Enterprise Management.

To change the Message Queue server certificate

  1. Stop the CA ControlMinder Message Queue.
  2. Create an X.509 server certificate.

    We recommend that you create a .p12 format certificate.

  3. Navigate to the following directory, where DistServer is the directory in which you installed the Distribution Server:
    DistServer/MessageQueue/tibco/bin/ems
    
  4. Enter the following command:
    tibemsadmin -mangle password 
    
    password

    Specifies the password for the server certificate.

    The password for the server certificate is encrypted.

  5. Open the tibemsd.conf file in a text-based editor. The file is located in the following directory:
    DistServer/MessageQueue/tibco/bin/ems
    
  6. Change the value of the following parameters:
    ssl_server_identity

    Specifies the full path to the server certificate.

    ssl_server_key

    Specifies the full path to the server certificate key.

    Note: Leave this parameter blank if you use a .p12 certificate.

    ssl_password

    Specifies the encrypted password for the server certificate.

  7. Save and close the file.

    The Message Queue server certificate is changed.

  8. Restart the CA ControlMinder Message Queue.

Example: The tibemsd.conf file

The following is an example of the Message Queue server parameters in the tibemds.conf file for a .p12 server certificate. The password has been encrypted and is }>8:Jt^+%INK&i^v, and the ssl_server_key parameter has no value:

ssl_server_identity     = "C:\Program Files\CA\AccessControlServer\MessageQueue\conf\keystore.p12"
ssl_server_key          =
ssl_password            = }>8:Jt^+%INK&i^v