Change security policies in AMS

We can use Advanced Message Security to alter details of security policies that we have already defined.

Before starting

The queue manager on which we want to operate must be running.
We must have the necessary authority to connect to the queue manager and create a security policy.
- On z/OS, grant the authorities documented in The message security policy utility (CSQ0UTIL).
- On other platforms other than z/OS, we must grant the necessary +connect, +inq and +chg authorities using the setmqaut command.
For more information about configuring security see Set up security.

About this task

To change security policies, apply the setmqspl command to an already existing policy providing new attributes.

Example

Here is an example of creating a policy named MYQUEUE on a queue manager named QMGR specifying that messages will be encrypted using the 3DES algorithm for certificates with DN:CN=bob,O=IBM,C=US and signed with the SHA256 algorithm for certificates with DN:CN=jeff,O=IBM,C=US.

setmqspl -m QMGR -p MYQUEUE -e 3DES -s SHA256 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US

To alter this policy, issue the setmqspl command with all attributes from the example changing only the values we want to modify. In this example, previously created policy is attached to a new queue and its encryption algorithm is changed to AES256:

setmqspl -m QMGR -p MYQUEUE -e AES256 -s SHA256 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US

Parent topic: Manage security policies

Related information

Complete list of setmqspl command attributes