Refreshing the queue manager's key repository

When you change the contents of a key repository, the queue manager does not immediately pick up the new contents. For a queue manager to use the new key repository contents, you must issue the REFRESH SECURITY TYPE(SSL) command.

This process is intentional, and prevents the situation where multiple running channels could use different versions of a key repository. As a security control, only one version of a key repository can be loaded by the queue manager at any time.

For more information about the REFRESH SECURITY TYPE(SSL) command, see REFRESH SECURITY.

You can also refresh a key repository using PCF commands or the IBM® MQ Explorer. For more information, see the MQCMD_REFRESH_SECURITY command and the topic Refreshing TLS Security in the IBM MQ Explorer section of this product documentation.