Change the Message Queue Server Certificate

Implementation Guide › Changing CA ControlMinder Service Account Settings › Changing Message Queue Communication Settings › Change the Message Queue Server Certificate

Change the Message Queue Server Certificate

The Message Queue uses the server certificate for SSL communication between the Message Queue and its clients. The Message Queue clients are CA ControlMinder endpoints and CA ControlMinder Enterprise Management.

To change the Message Queue server certificate

Stop the CA ControlMinder Message Queue.
Create an X.509 server certificate.
We recommend that you create a .p12 format certificate.
Navigate to the following directory, where DistServer is the directory in which you installed the Distribution Server:
```
DistServer/MessageQueue/tibco/bin/ems
```
Enter the following command:
```
tibemsadmin -mangle password 
```
password

Specifies the password for the server certificate.

The password for the server certificate is encrypted.
Open the tibemsd.conf file in a text-based editor. The file is located in the following directory:
```
DistServer/MessageQueue/tibco/bin/ems
```
Change the value of the following parameters:

ssl_server_identity

Specifies the full path to the server certificate.

ssl_server_key

Specifies the full path to the server certificate key.

Note: Leave this parameter blank if you use a .p12 certificate.

ssl_password

Specifies the encrypted password for the server certificate.
Save and close the file.
The Message Queue server certificate is changed.
Restart the CA ControlMinder Message Queue.

Example: The tibemsd.conf file

The following is an example of the Message Queue server parameters in the tibemds.conf file for a .p12 server certificate. The password has been encrypted and is }>8:Jt^+%INK&i^v, and the ssl_server_key parameter has no value:

ssl_server_identity     = "C:\Program Files\CA\AccessControlServer\MessageQueue\conf\keystore.p12"
ssl_server_key          =
ssl_password            = }>8:Jt^+%INK&i^v