Is your feature request related to a problem? Please describe.
A frequent test or production setup involves queue managers connected via TLS secured channels, sometimes across Operating Systems (z/OS to Distributed for example). From a developer perspective this is usually a trivial point, as certificates, keystores, etc may already exist. However, scope exists for automating the runmqakm commands required on distributed.
Describe the solution you'd like
Automate commands to (during install if desired):
- Create a certificate keystore
- Create a certificate
- Extract the certificate
Describe alternatives you've considered
None
Additional context
Some thinking may be required regarding linking to a z/OS QMGR, but an MVP to set up a certificate would be useful.
On Distributed
runmqakm -keydb -create -db \path\to\keys.kdb -pw s0m3p455w0rd -type cms -stash -fips -strong
Create Key Store
runmqakm -cert -create -db \path\to\keys.kdb -pw s0m3p455w0rd -label MQ57DIST -dn "CN=MQ57DIST,OU=HURSLEY,O=IBM" -fips
Create certificate
runmqakm -cert -extract -db \path\to\keys.kdb -pw s0m3p455w0rd -label MQ57DIST -target \path\to\MQ57DIST.der -format binary -fips
Extract Certificate to file
Is your feature request related to a problem? Please describe.
A frequent test or production setup involves queue managers connected via TLS secured channels, sometimes across Operating Systems (z/OS to Distributed for example). From a developer perspective this is usually a trivial point, as certificates, keystores, etc may already exist. However, scope exists for automating the
runmqakmcommands required on distributed.Describe the solution you'd like
Automate commands to (during install if desired):
Describe alternatives you've considered
None
Additional context
Some thinking may be required regarding linking to a z/OS QMGR, but an MVP to set up a certificate would be useful.
On Distributed
runmqakm -keydb -create -db \path\to\keys.kdb -pw s0m3p455w0rd -type cms -stash -fips -strongCreate Key Store
runmqakm -cert -create -db \path\to\keys.kdb -pw s0m3p455w0rd -label MQ57DIST -dn "CN=MQ57DIST,OU=HURSLEY,O=IBM" -fipsCreate certificate
runmqakm -cert -extract -db \path\to\keys.kdb -pw s0m3p455w0rd -label MQ57DIST -target \path\to\MQ57DIST.der -format binary -fipsExtract Certificate to file