[AIX, Linux, Windows]

Changing the key repository password on AIX, Linux, and Windows

Use this procedure to change the key repository password.

You can change the key repository password by using the runmqakm (GSKCapiCmd) or runmqktool (keytool) commands.
Note:
  • [MQ 9.4.0 Jun 2024][MQ 9.4.0 Jun 2024]The runmqktool command allows the key repository password to be changed independently of the passwords that protect individual private and secret keys. For PKCS #12 key repositories, the key repository password, and the passwords that protect all keys in the key repository, must be the same. If the runmqktool command is used to change the key repository password, ensure that the -all parameter is specified so that the key passwords are also changed.
  • If the key repository password is not stored in a stash file, you must also change the password that is stored in the queue manager configuration or any IBM® MQ client applications that access the key repository. For more information, see Supplying the key repository password for a queue manager on AIX, Linux, and Windows and Supplying the key repository password for an IBM MQ MQI client on AIX, Linux, and Windows.

Using runmqakm

Issue the following command to change the key repository password with the runmqakm command:
runmqakm -keydb -changepw -db filename -pw password -new_pw password -stash
where:
-file filename
Specifies the fully qualified file name of the key repository.
-pw password
Specifies the current password for the key repository.
-new_pw password
Specifies the new password for the key repository.
-stash
Optional. Specify this option to store the new key repository password in a stash file. You do not need to store the password in a stash file if you encrypt the password by using the IBM MQ password protection system instead.
For more information about these parameters and the values that can be specified, see runmqakm -keydb.
[MQ 9.4.0 Jun 2024][MQ 9.4.0 Jun 2024]

Using runmqktool

Issue the following command to change the key repository password with the runmqktool command:
runmqktool -storepasswd -all -keystore filename -storepass password
           -new password
where:
-all
Specifies that the password is also changed for all entries that are protected with the same password as the key repository.
-keystore filename
Specifies the fully qualified file name of the key repository.
-storepass password
Specifies the current password for the key repository.
-new password
Specifies the new password for the key repository.
For more information about these parameters and the values that can be specified, see storepasswd.