Refreshing TLS security

If you make a change to the key repository, we can refresh the copy of the key repository that is held in memory while a channel is running, without restarting the channel. When you refresh the cached copy of the key repository, the TLS channels that are currently running on the queue manager are updated with the new information.


When a channel is secured using TLS, the digital certificates and their associated private keys are stored in the key repository. A copy of the key repository is held in memory while a channel is running. If you make a change to the key repository, we can refresh the copy of the key repository that is held in memory without restarting the channel.

When you refresh the cached copy of the key repository, all TLS channels that are currently running are updated:

  • Sender, server, and cluster-sender channels that use TLS are allowed to complete the current batch of messages. The channels then run the SSL handshake again with the refreshed view of the key repository.
  • All other channel types that use TLS are stopped. If the partner end of the stopped channel has retry values defined, the channel retries and runs the SSL handshake again. The new SSL handshake uses the refreshed view of the contents of the key repository, the location of the LDAP server to be used for the Certificate Revocation Lists, and the location of the key repository. In the case of server-connection channel, the client application loses its connection to the queue manager and has to reconnect to continue.

To refresh the cached copy of the key repository, complete the following steps.


Procedure

  1. In the Navigator view, right-click the queue manager for which you want to refresh the cached copy of the key repository, then click Security > Refresh SSL.
  2. When prompted, click Yes.


Results

The TLS channels that are currently running on the queue manager are updated with the new information. The queue manager FIPS configuration (SSLFipsRequired) is also refreshed by this command on Windows, Linux and UNIX platforms.