Working with revoked certificates

Authentication information objects contain connection details of responders or servers that can be used to determine the revocation status of certificates.

An authentication information object contains authentication information that is used when checking whether a TLS certificate is revoked or not. The following table shows the IBM® MQ TLS authentication information support for different platforms:
Table 1. How IBM MQ TLS supports authentication information on different platforms
Platform Support
[Windows]IBM MQ on Windows systems IBM MQ TLS supports checks for revoked certificates using OCSP, or using CRLs and ARLs on LDAP servers, with OCSP as the preferred method. IBM MQ classes for Java™ cannot use the OCSP information in a client channel definition table file. However, you can configure OCSP as described in Revoked certificates and OCSP in IBM Knowledge Center.
[UNIX]IBM MQ on UNIX systems IBM MQ TLS supports checks for revoked certificates using OCSP, or using CRLs and ARLs on LDAP servers, with OCSP as the preferred method. IBM MQ classes for Java cannot use the OCSP information in a client channel definition table file. However, you can configure OCSP as described in Revoked certificates and OCSP in IBM Knowledge Center.
[z/OS]IBM MQ on z/OS® systems IBM MQ TLS supports checks for revoked certificates using CRLs and ARLs on LDAP servers only. IBM MQ on z/OS systems cannot use OCSP.
[z/OS]IBM MQ on IBM i systems IBM MQ TLS supports checks for revoked certificates using CRLs and ARLs on LDAP servers only. IBM MQ on IBM i systems cannot use OCSP.

For more information, see Securing in IBM Knowledge Center.