Changing the key repository password on AIX, Linux, and Windows

Use this procedure to change the key repository password.

You can change the key repository password by using the runmqakm (GSKCapiCmd) or runmqktool (keytool) commands.

Note:

The runmqktool command allows the key repository password to be changed independently of the passwords that protect individual private and secret keys. For IBM® MQ, the key repository password, and the passwords that protect all keys in the key repository, must be the same. If the runmqktool command is used to change the key repository password, ensure that the -all parameter is specified so that the key passwords are also changed.
If the key repository password is not stored in a stash file, you must also change the password that is stored in the queue manager configuration or any IBM MQ client applications that access the key repository. For more information, see Supplying the key repository password for a queue manager on AIX, Linux, and Windows and Supplying the key repository password for an IBM MQ MQI client on AIX, Linux, and Windows.

Using runmqakm

Issue the following command to change the key repository password with the runmqakm command:

runmqakm -keydb -changepw -db filename -pw password -new_pw password -stash

where:

-file filename: Specifies the fully qualified file name of the key repository.
-pw password: Specifies the current password for the key repository.
-new_pw password: Specifies the new password for the key repository.
-stash: Optional. Specify this option to store the new key repository password in a stash file. You do not need to store the password in a stash file if you encrypt the password by using the IBM MQ password protection system instead.

For more information about these parameters and the values that can be specified, see runmqakm -keydb.

Issue the following command to change the key repository password with the runmqktool command:

runmqktool -storepasswd -all -keystore filename -storepass password
           -new password

where:

-all: Specifies that the password is also changed for all entries that are protected with the same password as the key repository.

-keystore filename: Specifies the fully qualified file name of the key repository.
-storepass password: Specifies the current password for the key repository.
-new password: Specifies the new password for the key repository.

For more information about these parameters and the values that can be specified, see storepasswd.