| copyright | lastupdated | subcollection | keywords | ||
|---|---|---|---|---|---|
|
2020-04-07 |
mqcloud |
refresh, security, SSL, TLS |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:codeblock: .codeblock} {:pre: .pre}
{: #mqoc_refresh_security}
If you make a change to the queue manager key store or trust store, or change channel certificate configuration, a TLS security refresh is required for the new configuration to take effect.
A TLS security refresh will update the in memory copy of the key store and trust store. All channels that are enabled for TLS will be stopped and use the refreshed configuration to recreate a secure connection. A client's secure connection will only be re-established if the client application has retry logic to re-initiate a broken connection.
- If you add a client or queue manager certificate to the trust store, they will not be trusted to make a secure connection until a TLS security refresh has been performed
- If you add a certificate to the key store and configure it for use with TLS or AMS, the affected channels will not use the certificate to create a secure connection until a TLS security refresh has been performed
- If you change the certificate configured on a TLS enabled channel, the certificate will not be used to create a secure connection until a TLS security refresh has been performed
- Launch the queue manager web console using steps described here
- On the queue manager page, select Configuration.
- Select the Security tab.
- Select the three dots, then Refresh SSL
- Confirm by clicking Refresh
- Connect to the queue manager using steps described here
- Run
REFRESH SECURITY TYPE(SSL) - Run
end
- Connect to the queue manager using steps described here
- In the Navigator view, right-click the queue manager for which you want to refresh the cached copy of the key repository, then click Security > Refresh SSL
- When prompted, click Yes.