Changing the key repository location for a queue manager on UNIX, Linux or Windows systems

You can change the location of your queue manager's key database file by various means including the MQSC command ALTER QMGR.

You can change the location of your queue manager's key database file by using the MQSC command ALTER QMGR to set your queue manager's key repository attribute. For example, on UNIX and Linux® systems:


ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/MyKey')

The key database file has the fully qualified file name: /var/mqm/qmgrs/QM1/ssl/MyKey.kdb

On Windows:


ALTER QMGR SSLKEYR('C:\Program Files\IBM\WebSphere MQ\Qmgrs\QM1\ssl\Mykey')

The key database file has the fully qualified file name:

C:\Program
Files\IBM\WebSphere MQ\Qmgrs\QM1\ssl\Mykey.kdb

Attention: Ensure that you do not include the .kdb extension in the file name on the SSLKEYR keyword, as the queue manager appends this extension automatically.

You can also alter your queue manager's attributes using the WebSphere® MQ Explorer or PCF commands.

When you change the location of a queue manager's key database file, certificates are not transferred from the old location. If the key database file you are now accessing is a new key database file, you must populate it with the CA and personal certificates you need, as described in Importing a personal certificate into a key repository on UNIX, Linux, and Windows systems.