When changes to certificates or the certificate store become effective on IBM i

When you change the certificates in a certificate store, or the location of the certificate store, the changes take effect depending on the type of channel and how the channel is running.

Changes to the certificates in the certificate store and to the key repository attribute become effective in the following situations:

When a new outbound single channel process first runs a TLS channel.
When a new inbound TCP/IP single channel process first receives a request to start a TLS channel.
When the MQSC command REFRESH SECURITY TYPE(SSL) is issued to refresh the IBM® MQ TLS environment.
For client application processes, when the last TLS connection in the process is closed. The next TLS connection picks up the certificate changes.
For channels that run as threads of a process pooling process (amqrmppa), when the process pooling process is started or restarted and first runs a TLS channel. If the process pooling process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).
For channels that run as threads of the channel initiator, when the channel initiator is started or restarted and first runs a TLS channel. If the channel initiator process has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).
For channels that run as threads of a TCP/IP listener, when the listener is started or restarted and first receives a request to start a TLS channel. If the listener has already run a TLS channel, and you want the change to become effective immediately, run the MQSC command REFRESH SECURITY TYPE(SSL).