Changing security policies
You can use IBM® MQ Advanced Message Security to alter details of security policies that you have already defined.
Before you begin
- The queue manager on which you want to operate must be running.
- You must have the necessary authority to connect to the queue manager and create a security policy. On z/OS®, grant the authorities documented in The message security policy utility (CSQ0UTIL). On other platforms other than z/OS, you must grant the necessary +connect, +inq and +chg authorities using the setmqaut command. For more information about configuring security see Setting up security.
About this task
setmqspl
command to an already existing policy providing new attributes.
Example
MYQUEUE
on a queue manager named QMGR
specifying that messages will be encrypted using the RC2
algorithm for certificates with DN:CN=bob,O=IBM,C=US and signed with the SHA1
algorithm for certificates with DN:CN=jeff,O=IBM,C=US.
setmqspl -m QMGR -p MYQUEUE -e RC2 -s SHA1 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US
To
alter this policy, issue the setmqspl
command with all attributes from the example changing only the values you want to modify. In this example, previously created policy is attached to a new queue and its encryption algorithm is changed to AES256
:
setmqspl -m QMGR -p MYQUEUE -e AES256 -s SHA1 -a CN=jeff,O=IBM,C=US -r CN=alice,O=IBM,C=US