Change the key repository location for a queue manager on UNIX, Linux, and Windows

We can change the location of our queue manager's key database file by various means including the MQSC command ALTER QMGR.

We can change the location of our queue manager's key database file by using the MQSC command ALTER QMGR to set your queue manager's key repository attribute. For example, on UNIX and Linux :

ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/MyKey')

The key database file has the fully qualified file name: /var/mqm/qmgrs/QM1/ssl/MyKey.kdb On Windows:

ALTER QMGR SSLKEYR('C:\Program Files\IBM\MQ\Qmgrs\QM1\ssl\Mykey')

The key database file has the fully qualified file name: C:\Program Files\IBM\MQ\Qmgrs\QM1\ssl\Mykey.kdb Attention: Ensure that we do not include the .kdb extension in the file name on the SSLKEYR keyword, as the queue manager appends this extension automatically.

We can also alter your queue manager's attributes using the IBM MQ Explorer or PCF commands.

When we change the location of a queue manager's key database file, certificates are not transferred from the old location. If the key database file we are now accessing is a new key database file, we must populate it with the CA and personal certificates we need, as described in Importing a personal certificate into a key repository on UNIX, Linux, and Windows.

Parent topic: Work with SSL/TLS on UNIX, Linux, and Windows