Certificate validation policies in IBM WebSphere MQ
The certificate validation policy determines how strictly the certificate chain validation conforms to industry security standards.
The certificate validation policy depends upon the platform and
environment as follows:
- For Java and JMS applications on all platforms, the certificate validation policy depends on the JSSE component of the Java runtime environment. For more information about the certificate validation policy, see the documentation for your JRE.
- For UNIX, Linux®, and Windows systems, the certificate
validation policy is supplied by GSKit and can be configured. Two
different certificate validation policies are supported:
- A legacy certificate validation policy, used for maximum backwards compatibility and interoperability with old digital certificates that do not comply with the current IETF certificate validation standards. This policy is known as the Basic policy.
- A strict, standards-compliant certificate validation policy which enforces the RFC 5280 standard. This policy is known as the Standard policy.