Encrypting a parameter file
About this task
Use the setmqipw
utility to encrypt the
DOMAINNAME, USERNAME, and PASSWORD values in the [Services] stanza
of a parameter file, if they are not already encrypted. (These values
might be encrypted if you have run the utility before.) setmqipw
will
also encrypt the QMGRPASSWORD and CLIENTPASSWORD values in the [SSLMigration]
stanza of a parameter file.
This encryption means that, if you need a special domain account to configure IBM® WebSphere® MQ (see Configuring IBM WebSphere MQ accounts), or you need to keep key database passwords secret, details are kept secure. Otherwise, these values, including the domain account password, flow across the network as clear text. You do not have to use this utility, but it is useful if security in your network is an issue.
To run the script:Procedure
Results
If you view the resulting parameter file, the encrypted
values start with the string mqm*
. Do not use this
prefix for any other values; passwords or names that begin with this
prefix are not supported.
setmqipw.log
,
in the current directory. This file contains messages related to the
encryption process. When encryption is successful, messages are similar
to: Encryption complete
Configuration file closed
Processing complete
What to do next
After you encrypt the parameter file, you can use it in
the normal way with the MQParms
command (see Using the MQParms command).