Managing security policies
A security policy is a conceptual object that describes the way a message is cryptographically encrypted and signed.
All administrative tasks related to security policies are run from the following location:
- On UNIX platforms:
<MQInstallRoot>/bin - On Windows platforms administrative tasks can be run from any location as the
PATHenvironment variable is updated at the installation.On UNIX platforms, and Windows, you use the DELETE POLICY, DISPLAY POLICY, and SET POLICY (or equivalent PCF) commands to manage your security policies.
- On IBM® i, the DSPMQMSPL, SETMQMSPL, and WRKMQMSPL commands are installed into the QSYS system library for the primary language of the system when IBM MQ is installed.
Additional national language versions get installed into QSYS29xx libraries according to the language feature load.
For example, a machine with US English as the primary language and Korean as the secondary language has the US English commands installed into QSYS and the Korean secondary language load in QSYS2962 as 2962 is the language load for Korean.
- On z/OS®, the administrative commands are run
using the message security policy utility (CSQ0UTIL). When policies are created, modified or deleted
on z/OS, the changes are not recognized by IBM MQ Advanced Message Security until the queue manager is stopped and restarted, or
the z/OS MODIFY command is used to refresh the
IBM MQ Advanced Message Security policy configuration. For example:
F <qmgr ssid>AMSM,REFRESH POLICY