Installation – IBM WebSphere MQ

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact either the vendor of your software or an organization that supports IBM WebSphere 5.1.

Step 1: Install CA Certificate

Secure Site
If you are installing a Secure Site Certificate, you need to first install the Secure Site Intermediate CA Certificate.

Secure Site Pro
If you are installing a Secure Site Pro Certificate, you need to first install the Secure Site Pro Intermediate CA Certificate.

1. Start the key management utility (iKeyman). To start the iKeyman graphical user interface:

Windows: go to the start UI and select Start Key Management Utility

AIX, Linux or Solaris: type ikeyman on the command line

2. Open the key database file that was used to create the certificate request.

3. Enter the password, then click OK.

4. Select Signer Certificates, then click Add.

5. Click Data Type and select a data type, such as Base64-encoded ASCII data. This data type must match the data type of the importing certificate.

6. Enter a file name and location for the CA root digital certificate or click Browse to select a file name and location.

7. Click OK.

8. Enter a label for importing certificate.

9. Click OK.

The Signer Certificates field displays the label of the signer certificate you added.

Using the iKeycmd (command line interface)

To Add a certificate from a file into a key database:

gsk7cmd -cert -add -db filename -pw password -label label -file filename -format ascii

Where:

file filename is the fully qualified file name of the file containing the Intermediate CA certificate.

db filename is the fully qualified file name of a CMS key database.

pw password is the password for the CMS key database.

format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.

Step 2: Install the SSL Certificate

VeriSign will email you your certificate. If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters.

Confirm that there are no extra lines or spaces in the file.

Installing the certificate

Using the iKeyman graphical user interface (GUI) After VeriSign sends you an SSL certificate, you add it to the key database file from which you generated the CSR. If VeriSign sends you the SSL certificate as part of an email, copy the certificate into a separate file. If necessary, move the file to the server machine.

1. Start the key management utility (iKeyman). To start the iKeyman graphical user interface:

Windows: go to the start UI and select Start Key Management Utility

AIX, Linux or Solaris: type ikeyman on the command line

2. Choose Open from the Key Database File menu. Click Key database type, and select CMS.

3. Click Browse to navigate to the directory containing the key database files.

4. Select the key database file to which you want to add the certificate. For example, key.kdb.

5. Click Open

6. In the Password Prompt window, type the password you set when you created the key database and then click OK.

7. Select the Personal Certificates view.

8. Click Receive

9. In the Receive certificate from a file window, select the data type of the new SSL certificate. For example, Base64-encoded ASCII for a file with the .arm extension.

10. Click Browse to select the name and location of the certificate file name.

11. Click OK

Using the iKeycmd (command line interface)

To install a certificate in iKeycmd (using UNIX command line), use these commands:

gsk7cmd -cert -receive -file filename -db filename -pw password -format ascii

To install a certificate in iKeycmd (using Windows command line), use these commands:

runmqckm -cert -receive -file filename -db filename -pw password -format ascii

Where:

file filename is the fully qualified file name of the file containing the personal certificate.

db filename is the fully qualified file name of a CMS key database.

pw password is the password for the CMS key database.

format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.

Transferring certificates

You can extract an SSL certificate from a key database file and store it in a CA key ring file by performing the following steps:

Using the iKeyman graphical user interface (GUI)

1. Start the iKeyman graphical user interface (GUI) using either the gsk7ikm command (UNIX) or the strmqikm command (Windows).

2. Choose Open from the Key Database File menu. Click Key database type, and select CMS.

3. Click Browse to navigate to the directory containing the key database files

4. Select the key database file to which you want to add the certificate. For example, key.kdb.

5. Click Open

6. In the Password Prompt window, type the password you set when you created the key database and then click OK.

7. Select Signer Certificates in the Key database content field, and then select the certificate you want to extract.

8. Click Extract.

9. Select the Data type of the certificate. For example, Base64-encoded ASCII data for a file with the .arm extension

10. Click Browse to select the name and location of the certificate file name.

11. Click OK. The certificate is written to the file you specified.
Using the iKeycmd (command line interface)

To extract a certificate in iKeycmd (using UNIX command line), use these commands:

gsk7cmd -cert -extract -db filename -pw password -label label -target filename -format ascii

To extract a certificate in iKeycmd (using Windows command line), use these commands:

runmqckm -cert -extract -db filename -pw i -label label -target filename -format ascii

Where:

db filename is the fully qualified pathname of a CMS key database.

label label is the label attached to the certificate.

target filename is the name of the destination file

format ascii is the format of the certificate. The value can be ascii for Base64-encoded ASCII or binary for Binary DER data. The default is ascii.