Importing a personal certificate to your PKCS #11 hardware

 

Use the following procedure for either a queue manager or a WebSphere MQ client to import a personal certificate to your cryptographic hardware:

1. Perform the steps to work with your cryptographic hardware.

2. Click Receive. The Receive Certificate from a File window displays.

3. Select the Data type of the new personal certificate, for example Base64–encoded ASCII data for a file with the .arm extension.

4. Type the certificate file name and location for the new personal certificate, or click Browse to select the name and location.

5. Click OK. If you already have a personal certificate in your key database, a window appears, asking if you want to set the key you are adding as the default key in the database.

6. Click Yes or No. The Enter a Label window displays.

7. Type a label, for example the label you used when you requested the personal certificate. Note that the label must be in the correct WebSphere MQ format:

   • For a queue manager, ibmwebspheremq followed by the name of your queue manager folded to lower case. For example, for QM1, ibmwebspheremqqm1, or,

   • For a WebSphere MQ client, ibmwebspheremq followed by your logon user ID folded to lower case, for example ibmwebspheremqmyuserid.

8. Click OK. The Personal Certificates list shows the label of the new personal certificate you added. This label is formed by adding the cryptographic token label before the label you supplied.

 

Parent topic:

Managing certificates on PKCS #11 hardware

sy12410_