Refreshing the queue manager's key repository
When we change the contents of a key repository, the queue manager does not immediately pick up the new contents. For a queue manager to use the new key repository contents, we must issue the REFRESH SECURITY TYPE(SSL) command.
This process is intentional, and prevents the situation where multiple running channels could use different versions of a key repository. As a security control, only one version of a key repository can be loaded by the queue manager at any time.
For more information about the REFRESH SECURITY TYPE(SSL) command, see REFRESH SECURITY.
We can also refresh a key repository using PCF commands or the IBM MQ Explorer. For more information, see the MQCMD_REFRESH_SECURITY command and the topic Refreshing TLS Security in the IBM MQ Explorer section of this product documentation.
Parent topic: The SSL/TLS key repository
Related concepts