Changing the key repository location for a queue manager

Changing the key repository location for a queue manager

We can change the location of your queue manager's key database file by using the MQSC command ALTER QMGR to set your queue manager's key repository attribute. For example, on UNIX:
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/MyKey')
The key database file has the fully-qualified filename: /var/mqm/qmgrs/QM1/ssl/MyKey.kdb
On Windows:
ALTER QMGR SSLKEYR('C:\\IBM\WebSphere MQ\Qmgrs\QM1\ssl\Mykey')
The key database file has the fully-qualified filename: C:\Program Files\IBM\WebSphere MQ\Qmgrs\QM1\ssl\Mykey.kdb
We can also alter your queue manager's attributes using the WebSphere MQ Explorer or PCF commands.
When you change the location of a queue manager's key database file, certificates are not transferred from the old location. If the CA certificates pre-installed when you create the key database file are insufficient, populate the new key database file with the extra CA certificates we need, as described in Managing digital certificates.

Parent topic:
Working with a key repository

sy12210_