Restoring a key repository

You can restore a queue manager key repository that you previously backed up.

About this task

You copy a file that contains the archive of a previously backed-up key repository to the target appliance. You then use a command to restore it.

Procedure

  1. Copy the file containing the backed up key repository to the appliance:

    To copy the file by using the command line interface:

    1. Connect to the IBM® MQ Appliance as described in Command line access.
    2. Log in as a user in the administrators group.
    3. Type the following command to enter configuration mode:
      
      config
      
    4. Copy your saved backup file to the target appliance:
      
      copy scp://username@ipaddress/[/]directorypath/filename mqbackup:
      
    5. Type exit to leave config mode.

    To copy the file by using the IBM MQ Appliance web UI:

    1. Start the IBM MQ Appliance web UI, and click the administration icon shows the admin icon in the title bar.
    2. Select Main > File Management to open the File Management window.
    3. Select Upload files from the mqbackup folder menu.
    4. Drag and drop or browse for the file on your local system.
    5. Click Upload to upload the file to the mqbackup directory on the appliance.
  2. If you are not already connected to the appliance command line, connect as described in Command line access.
  3. Type mqcli to enter IBM MQ configuration mode.
  4. Type the following command to restore the key repository to the queue manager:
    
    keyrestore -m QmanagerName -file filename -password password
    
    Where:
    • QmanagerName specifies the queue manager that you want to back up the key repository for.
    • filename is the file that contains the key repository archive.
    • password is the password that was returned when the key repository archive was created.
    Instead of specifying -password password, you can specify the -prompt argument, then you will be prompted for the password (and it will never appear in plain text).
  5. Use the listcert and detailcert commands to verify that the contents of the key repository are as expected.