Changing security policies

You can use IBM® MQ Advanced Message Security to alter details of security policies that you have already defined.

Before you begin

The queue manager on which you want to operate must be running.
You must have the necessary authority to connect to the queue manager and create a security policy. On z/OS®, grant the authorities documented in The message security policy utility (CSQ0UTIL). On other platforms other than z/OS, you must grant the necessary +connect, +inq and +chg authorities using the setmqaut command. For more information about configuring security see Setting up security.

About this task

To change security policies, apply the setmqspl command to an already existing policy providing new attributes.

Example

Here is an example of creating a policy named MYQUEUE on a queue manager named QMGR specifying that messages will be encrypted using the RC2 algorithm for certificates with DN:CN=bob,O=IBM,C=US and signed with the SHA1 algorithm for certificates with DN:CN=jeff,O=IBM,C=US.


setmqspl -m QMGR -p MYQUEUE -e RC2 -s SHA1 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US

To alter this policy, issue the setmqspl command with all attributes from the example changing only the values you want to modify. In this example, previously created policy is attached to a new queue and its encryption algorithm is changed to AES256:


setmqspl -m QMGR -p MYQUEUE -e AES256 -s SHA1 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US