Refreshing a key repository

 

We can refresh the copy of the key repository held in memory, without restarting the channel process, by using the MQSC command REFRESH SECURITY TYPE(SSL). This enables you to use an up-to-date version of the SSL key repository when you have added a new certificate, without having to stop the channel process.

On platforms other than z/OS, the REFRESH SECURITY TYPE(SSL) command updates all SSL channels whether a refresh is required or not. On z/OS, if no refresh is required, REFRESH SECURITY TYPE(SSL) completes successfully and the channels are unaffected.

For more information on the REFRESH SECURITY TYPE(SSL) command, see the WebSphere MQ Script (MQSC) Command Reference.

We can also refresh the key repository using the PCF command Refresh Security (MQCMD_REFRESH_SECURITY). The SecurityType (MQSECTYPE_SSL) parameter refreshes the copy of the key repository held in memory, allowing updates to become effective once the command has completed successfully. For more information about this command, see the WebSphere MQ Programmable Command Formats and Administration Interface book.

 

Parent topic:

The SSL key repository

sy10990_