When changes to certificates or the certificate store become effective on UNIX, Linux, and Windows
When you change the certificates in a certificate store, or the location of the certificate store, the changes take effect depending on the type of channel and how the channel is running.
Changes to the certificates in the key database file and to the key repository attribute become
effective in the following situations:
- When a new outbound single channel process first runs a TLS channel.
- When a new inbound TCP/IP single channel process first receives a request to start a TLS channel.
- When the MQSC command REFRESH SECURITY TYPE(SSL) is issued to refresh the TLS environment.
- For client application processes, when the last TLS connection in the process is closed. The next TLS connection will pick up the certificate changes.
- For channels that run as threads of a process pooling process (amqrmppa), when the process pooling process is started or restarted and first runs a TLS channel. If the process pooling process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).
- For channels that run as threads of the channel initiator, when the channel initiator is started or restarted and first runs a TLS channel. If the channel initiator process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).
- For channels that run as threads of a TCP/IP listener, when the listener is started or restarted and first receives a request to start a TLS channel. If the listener has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).
You can also refresh the IBM® MQ TLS environment using the IBM MQ Explorer or PCF commands.
Important: . Changes to the keystore configuration file and/or the keystore being used
by an AMS MCA interceptor (and AMS in a regular client) are picked up on a queue manger or
application restart.