Changing the key repository location for a queue manager on AIX, Linux, and Windows
You can change the location of your queue manager's key database file by various means including the MQSC command ALTER QMGR.
You can change the location of your queue manager's key database file by using the MQSC command
ALTER QMGR to set your queue manager's key repository attribute. For example, on AIX® and Linux®:
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/MyKey.kdb')
On Windows:
ALTER QMGR SSLKEYR('C:\Program Files\IBM\MQ\Qmgrs\QM1\ssl\Mykey.kdb')
The key database file has the fully qualified file name:
C:\Program Files\IBM\MQ\Qmgrs\QM1\ssl\Mykey.kdb
Attention: On Windows and Linux, if TLS AMQP channels are used, the suffix of the key
repository file must be one of the following:
- .kdb, for a CMS key repository
- .p12 or .pkcs12, for a PKCS #12 key repository.
You can also alter your queue manager's attributes using the IBM® MQ Explorer or PCF commands.
When you change the location of a queue manager's key database file, certificates are not transferred from the old location. If the key database file you are now accessing is a new key database file, you must populate it with the CA and personal certificates you need, as described in Importing a personal certificate into a key repository on AIX, Linux, and Windows.