Key repositories for the managed .NET client

The key repository used by managed .NET clients is the Windows keystore. Certificates and private keys must be available in either the user or system keystore to be able to be used by the client application for both identity and trust during a TLS handshake.

Client side

In the application, you can set either of the following values for the key repository:

"*USER": IBM® MQ.NET accesses the current user's certificate store to retrieve the client certificates.
"*SYSTEM": IBM MQ.NET accesses the local computer account to retrieve the certificates.

The client's certificates must be stored in the My certificate store of the user or computer account. All the server (CA) certificates must be stored in the root directory of the certificate store.

Note: You can store more than one certificate in a single file in the following formats:

Personal Information Exchange - PKCS #12 (.PFX, .P12)
Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)
Microsoft Serialized Certificate Store (.SST)