First, you need a key database file, such as ssl.kdb, that contains one or more certificates. This can be done using the GSKit (Global Security Kit) command line tool, or the iKeyman GUI. Let's say you have a key database file that contains a certificate named "example.com".
The queue manager will be configured with a path to the key database file. The path can be seen using the display qmgr command. In this example, the directory that contains the key database file is /shared/qmgrs/MANAGER01/ssl/MANAGER01.
echo "display qmgr SSLKEYR" | runmqsc MANAGER01 SSLKEYR(/shared/qmgrs/MANAGER01/ssl/MANAGER01)
The display qmgr command can also be used to identify the alias of the certificate in the key database file being used for SSL. In this example, the example.com certificate in the key database file is being used for SSL.
echo "display qmgr CERTLABEL" | runmqsc MANAGER01 CERTLABEL(example.com)
With just these basic configurations, the queue manager can now use the example.com certificate in the key database file for SSL.