Backing up a key repository

You can back up the queue manager key repository and restore it to a different IBM® MQ Appliance if required. This back up and restore feature is intended for disaster recovery.

About this task

You use a command to place a copy of the key repository in a file in a user-accessible file area on the appliance. You then copy that file to a backup store on another system.

The file that contains the queue manager key repository might include private keys. The file is encrypted, but you should take appropriate security precautions when handling the file. You need a password to modify or restore the file, and the password is displayed after file is created. Ensure that you make a note of the password and keep it safe.

You should follow this procedure for every queue manager on your system.

Procedure

  1. Connect to the IBM MQ Appliance as described in Command line access.
  2. Log in as a user in the administrators group.
  3. Type mqcli to enter IBM MQ configuration mode.
  4. Type the following command to back up the key repository for a queue manager: 
    
keybackup -m QmanagerName
    Where QmanagerName specifies the queue manager that you want to back up the key repository for.
  5. The appliance displays the following warning: 
    
This operation will generate a copy of your queue manager key  repository,
which may include private keys.  Although encrypted, you  should take appropriate security
precautions in handling this file.  The  password required if you ever need to modify or
restore this file will  be displayed after the copy has been created.  Do you wish to continue?
[Y/N]
    Enter Y to continue.

    The command creates a compressed archive (.tar.gz) of the key repository files. The archive includes the .kdb and .rdb files, and the crl file, if present. It does not include the password stash file. At completion, the name of the archive file and the password that was stored in the password stash file is displayed. The password is needed to restore the key repository.

  6. Type exit to leave IBM MQ configuration mode.
  7. Type config to enter configuration mode.
  8. Copy the file containing the backed-up repository to another system.

    To copy the file by using the command line interface:

    1. Connect to the command line of the appliance as described in Command line access.
    2. Log in to the appliance as an administrator.
    3. Type config to enter configuration mode.
    4. Copy the file by typing the following command: 
      
copy mqbackup:///backup_filename scp://username@ipaddress/[/]directorypath
    To copy the file by using the IBM MQ Appliance web UI:
    1. Start the IBM MQ Appliance web UI, and click the menu icon shows the menu icon in the title bar.
    2. Select Files to open the File Management window.
    3. Open the mqbackup folder.
    4. Click the backup file name link to save the file to your local system (the exact method for saving the file depends on the type of browser that you use).