Private registry usage guide

Prior to using queue-based security, MQe-owned authenticatable entities must have credentials. This is achieved by completing the correct configuration so that auto-registration of queue managers is triggered. This requires the following steps:
  1. Setup and start an instance of MQe mini-certificate issuance service.
  2. Using MQe_MiniCertificateServer, add the name of the queue manager as a valid authenticatable entity, and the entity's one-time-use certificate request PIN.
  3. Configure MQePrivateClient1.ini and MQePrivateServer1.ini so that when queue managers are created using SimpleCreateQM, auto-registration is triggered. This section explains which keywords are required in the registry section of the ini files, and where to use the entity's one-time-use certificate request PIN.

Prior to using message-level security to protect messages using MQeMTrustAttribute, the application must use private registry services to ensure that the initiating and recipient entities have credentials. This requires the following steps:

  1. Setup and start an instance of MQe mini-certificate issuance service.
  2. Add the name of the application entity, and allocate the entity a one-time-use certificate request PIN.
  3. Use a program similar to the pseudo-code fragment below to trigger auto-registration of the application entity . This creates the entity's credentials and saves them in its private registry.
  /* SIMPLE MQePrivateRegistry FRAGMENT*/
    try 
       {
       /* setup PrivateRegistry parameters  */
       String EntityName         = "Bruce";
       String EntityPIN            = "11111111";
       Object KeyRingPassword       = "It_is_a_secret";
       Object CertReqPIN            = "12345678";
       Object CAIPAddrPort          = "9.20.X.YYY:8082";
       /* instantiate and activate a 
        Private Registry. */
       MQePrivateRegistry preg  = new MQePrivateRegistry( );
       preg.activate( EntityName,        
      /* entity name                */
                      ".//MQeNode_PrivateRegistry", 
      /* directory root  */
                      EntityPIN,        
      /* private reg access PIN     */
                      KeyRingPassword,  
      /* private credential keyseed */
                      CertReqPIN,        
      /* on-time-use Cert Req PIN   */
                      CAIPAddrPort );    
      /* addr and port MiniCertSvr  */
       trace(">>> PrivateRegistry activated OK ..."); 
       }
    catch (Exception e)
       {
       e.printStackTrace( );
       }

Parent topic: Private registry service