Usage notes
When using TYPE(SSL):
- On z/OS, the command server and channel initiator must be running.
- On z/OS, WebSphere MQ determines whether a refresh is needed due to one, or
more, of the following reasons:
- The contents of the key repository have changed
- The location of the LDAP server to be used for Certification Revocation
Lists has changed
- The location of the key repository has changed
If no refresh is needed, the command completes successfully and the channels
are unaffected.
- On platforms other than z/OS, the command updates all SSL channels regardless
of whether a security refresh is needed.
- If a refresh is to be performed, the command updates all SSL channels
currently running, as follows:
- Sender, server and cluster-sender channels using SSL are allowed to complete
the current batch. Then they run the SSL handshake again with the refreshed
view of the SSL key repository.
- All other channel types using SSL are stopped with a STOP CHANNEL MODE(FORCE)
STATUS(INACTIVE) command. If the partner end of the stopped MCA channel has
retry values defined, the channel retries and the new SSL handshake uses the
refreshed view of the contents of the SSL key repository, the location of
the LDAP server to be used for Certification Revocation Lists, and the location
of the key repository. In the case of a server-connection channel, the client
application loses its connection to the queue manager and has to reconnect
in order to continue.