keyrestore

Restore a key repository

You can use the keyrestore command to restore to a queue manager a key repository that you have previously backed up.

This command replaces the key repository for this queue manager with the content of the archive file provided. You can supply the password required to restore the archive, or you can ask to be prompted for it so that it is not displayed.

This command will prompt for password unless one is provided, and then replace the .kdb, .rdb, and .crl (if present) files for this queue manager with the content of the archive file provided. It will then generate a new password stash file.

Syntax

Read syntax diagramSkip visual syntax diagram keyrestore -m QMgrName -file filename -defer-passwordpassword-prompt -password password

Parameters

-m QMgrName
Specifies the name of the queue manager for which the key repository is backed up.
The queue manager must exist.
-file filename
Specifies the name of the archive file containing the key repository that you are restoring.
-defer
By default, the key repository is restored to the queue manager immediately. If you specify the -defer parameter, the action is suppressed until an administrator has manually stopped SSL/TLS channels on that queue manager, and issued a MQSC REFRESH SECURITY TYPE(SSL) command.
-password password
When running the keyrestore command, you must specify the password that was displayed when the archive was created using the keybackup command.
You must enclose the password in double quotes if it includes special characters. You must also escape any backslash or double quote characters that are part of the password with a backslash character. For example. if the keybackup command returned pass"word\, then you should supply the password to the keyrestore command as shown:
"pass\"word\\"

Usage notes

  • This command must be run from the IBM® MQ administration mode. If the system is in the IBM MQ administration mode the prompt includes mq. To enter the IBM MQ administration mode, enter mqcli on the command line. To exit the IBM MQ administration mode, enter exit on the command line.

Examples

  • The following command restores the key repository for the queue manager QM1: 
    keyrestore -m QM1 -file QM1keystore.tar.gz

Related commands