Requesting a personal certificate for your PKCS #11 hardware

 

Use the following procedure for either a queue manager or a WebSphere MQ client to request a personal certificate for your cryptographic hardware:

1. Perform the steps to work with your cryptographic hardware.

2. From the Create menu, click New Certificate Request. The Create New Key and Certificate Request window displays.

3. In the Key Label field, type:

   • For a queue manager, ibmwebspheremq followed by the name of your queue manager folded to lower case. For example, for QM1, ibmwebspheremqqm1, or

   • For a WebSphere MQ client, ibmwebspheremq followed by your logon user ID folded to lower case, for example ibmwebspheremqmyuserid.

4. Type a Common Name and Organization, and select a Country. For the remaining optional fields, either accept the default values, or type or select new values. Note that we can supply only one name in the Organizational Unit field. For more information about these fields, refer to Distinguished Names.

5. In the Enter the name of a file in which to store the certificate request field, either accept the default certreq.arm, or type a new value with a full path.

6. Click OK. A confirmation window displays.

7. Click OK. The Personal Certificate Requests list shows the label of the new personal certificate request you created. The certificate request is stored in the file you chose in step 5.

8. Request the new personal certificate either by sending the file to a Certification Authority (CA), or by copying the file into the request form on the Web site for the CA.

 

Parent topic:

Managing certificates on PKCS #11 hardware

sy12400_