keyrestore (key restore)

Parameters

-m QMgrName

Specifies the name of the queue manager for which the key repository is backed up.

The queue manager must exist.

-file filename

Specifies the name of the archive file containing the key repository that you are restoring.

-defer

By default, the key repository is restored to the queue manager immediately. If you specify the -defer parameter, the action is suppressed until an administrator has manually stopped SSL/TLS channels on that queue manager, and issued a MQSC REFRESH SECURITY TYPE(SSL) command.

-password password

When running the keyrestore command, you must specify the password that was specified when the archive was created using the keybackup command.

You must enclose the password in double quotes if it includes special characters. You must also escape any backslash or double quote characters that are part of the password with a backslash character. For example. if the keybackup command returned pass"word\, then you should supply the password to the keyrestore command as shown:

"pass\"word\\"

-prompt

If you specify the -prompt argument, instead of -password password, you are prompted to enter it. The password is never displayed in plain text.

Usage notes

• This command must be run from the IBM® MQ administration mode. If the system is in the IBM MQ administration mode the prompt includes mq. To enter the IBM MQ administration mode, enter mqcli on the command line. To exit the IBM MQ administration mode, enter exit on the command line.

Examples

• The following command restores the key repository for the queue manager QM1:

  keyrestore -m QM1 -file QM1keystore.tar.gz -prompt

  You are prompted for the password.
• The following command restores the key repository for the queue manager QM1, specifying the password on the command line.

  keyrestore -m QM1 -file QM1keystore.tar.gz -password "abd%72yyo32@gHY" 

Related commands

• keybackup (key backup)
• copy