From IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
Part of SRG-APP-000516-NDM-000344
Associated with: CCI-000366 CCI-001159
For user certificates, each organization obtains certificates from an approved, shared service provider as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Log on to the MQ Appliance CLI as a privileged user. To verify certs, enter: co crypto show certificate [lists all defined cert aliases] Verify the following: All certificate aliases point to standard DoD cert files and none are self-generated. If the certificates were not generated by a DoD approved CA, or if they are self-signed certificates, this is a finding.
Obtain MQ Appliance and client certs from an approved CA or ECA as required by DoD policy.
Log on to the MQ Appliance WebGUI as a privileged user.
Import approved certs to the cert directory:
- Click on the Administration (gear) icon.
- Under Main, click on File Management.
- Click cert directory.
- Click Actions.
- Upload files.
- Browse to select MQ Appl cert.
- Add.
- Browse to select client cert.
- Add.
- [Repeat Browse and Add for all desired client certs.]
- Upload.
- Continue.
Create cert aliases for use in MQ Appliance configurations (CLI). Enter:
co
crypto
certificate
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer