In this example MQ WebSphere is set up with CA Top Secret generated self-signed certificates:
TSS GENCERT(MQCHIN1) DIGICERT(MCI1CERT)
SUBJECTN('o="COMPANYA"
CN=" MQCHIN1 selfsigned cert"
OU="SYSTEMSDEPT" C="US" ')
LABLCERT('ibmWebSphereMQCSQ1')
A self-signed certificate is generated where:
TSS ADD(dept) IBMFAC(IRR.DIGTCERT) <---(skip if previously done)
TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LISTRING)
ACCESS(UPDATE)
TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LIST)
ACCESS(UPDATE)
TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.GENCERT)
ACCESS(UPDATE)
The acid is authorized to read digital certificates.
Note: If the owner of the client/personal certificate is ACID CERTSITE, specify ACCESS(CONTROL) on the PERMIT commands.
TSS ADD(MQCHIN1) KEYRING(MCI1RING)
LABLRING(MCI1RING)
The MQ Channel Initiator's KEYRING is created where MCI1RING is the KEYRING name and the KEYRING label name.
TSS ADD(MQCHIN1) KEYRING(MCI1RING)
RINGDATA(MQCHIN1,MCI1CERT)
USAGE(PERSONAL)
The certificate is added to the KEYRING.
ALTER QMGR SSLKEYR(MCI1RING)
The queue manager's KEYRING is specified.
TSS EXPORT(MQCHIN1) DIGICERT(MCI1CERT)
DCDSN('MQCHIN1.CERT')
The certificate is exported to a dataset called 'MQCHIN1.CERT'.
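The following Python check is an added example, not part of the CA documentation. It verifies that the names used across the commands above agree with one another (certificate label, RINGDATA reference, and key ring), because a mismatch leaves the channel initiator unable to locate its certificate. The queue manager name CSQ1 is an assumption inferred from the label ibmWebSphereMQCSQ1, and the function names are hypothetical.

```python
import re

# Constructed input modeled on this page's commands (SUBJECTN omitted for brevity).
COMMANDS = """
TSS GENCERT(MQCHIN1) DIGICERT(MCI1CERT) LABLCERT('ibmWebSphereMQCSQ1')
TSS ADD(MQCHIN1) KEYRING(MCI1RING) LABLRING(MCI1RING)
TSS ADD(MQCHIN1) KEYRING(MCI1RING) RINGDATA(MQCHIN1,MCI1CERT) USAGE(PERSONAL)
ALTER QMGR SSLKEYR(MCI1RING)
"""

# KEYWORD(value) or KEYWORD('value') operands
OPERAND = re.compile(r"(\w+)\(\s*'?([^()']*)'?\s*\)")

def parse(line):
    """Return {KEYWORD: value} for one command line."""
    return {k.upper(): v.strip() for k, v in OPERAND.findall(line)}

def check_setup(text, qmgr):
    """Return a list of name mismatches; an empty list means consistent."""
    cmds = [parse(line) for line in text.splitlines() if line.strip()]
    def first(keyword):
        return next((c for c in cmds if keyword in c), None)
    gen, ring = first("GENCERT"), first("LABLRING")
    connect, alter = first("RINGDATA"), first("SSLKEYR")
    if not (gen and ring and connect and alter):
        return ["missing one of GENCERT, LABLRING, RINGDATA, SSLKEYR"]
    problems = []
    # Assumption: qmgr is the queue manager name (CSQ1 for this page's label).
    want = "ibmWebSphereMQ" + qmgr
    if gen.get("LABLCERT") != want:
        problems.append(f"LABLCERT is {gen.get('LABLCERT')!r}, expected {want!r}")
    owner, _, cert = connect["RINGDATA"].partition(",")
    if (owner.strip(), cert.strip()) != (gen["GENCERT"], gen.get("DIGICERT")):
        problems.append("RINGDATA does not name the generated certificate")
    if connect.get("KEYRING") != ring.get("KEYRING"):
        problems.append("certificate was added to a different KEYRING")
    # The page uses one value for both the KEYRING name and its label.
    if alter["SSLKEYR"] not in (ring.get("KEYRING"), ring["LABLRING"]):
        problems.append("SSLKEYR does not match the key ring that was created")
    return problems

if __name__ == "__main__":
    print(check_setup(COMMANDS, "CSQ1") or "consistent")
```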
Copyright © 2014 CA Technologies.
All rights reserved.