It is known to encrypt communications between computers with a certificate provided by a certificate authority to provide security. For example, a Secure Sockets Layer (“SSL”) certificate can be obtained from a certificate authority server to encrypt communications from those communication channels of a computer that utilize the certificate. The SSL certificate is similar to an encryption key generated by a sending computer or a recipient computer, except that the SSL certificate is issued by a certificate authority and is part of a key pair consisting of a private key and a public key generated by the certificate authority. The recipient knows how to decrypt an SSL communication by using the generally available certificate authority keys paired with the public key provided to the computer authority for use as the owned public key completing the pair to secure the communications. Typically, the SSL certificate is valid for a predetermined period, such as one year, and the sending computer can encrypt its messages with the same SSL certificate for the predetermined period. At the end of the predetermined period, the certificate authority notifies the purchaser of the certificate of the sending computer that the existing SSL certificate will expire. In response, the user typically requests another SSL certificate, and the certificate authority returns another SSL certificate to the sending computer. Next, the user shuts down all communications to and from the computer, even communications to and from channels that do not use an encryption key. In one example where the computer is communicating using an IBM WebSphere MQ 5.3 program, the user shuts down communications by shutting down a communication queue manager (“QM”) program which manages all communications to and from the computer, both SSL channels and nonSSL channels. While the computer's communications are shut down, the user installs the new certificate by loading it into a predetermined certificate file (for example, by using a gsk6cmd utility to update a /var/mqm/qmgrs/QUEMANAGER/ssl/key.kdb flat file key repository, in the case of the IBM WebSphere MQ program), replacing the expired certificate. This shut down of all the communication channels lasts until the user has installed the new certificate in the certificate file, and reopens the communications (for example, by restarting the communication queue manager program, and then verifying that the communication channels can negotiate with the remote queue manager program and begin SSL communication). While the foregoing technique is effective in installing a new SSL certificate, it results in too much down time of all communications to and from the computer.
Accordingly, an object of the present invention is to reduce impact on communications to and from a computer while updating an SSL certificate or other encryption certificate required for some of the communication channels.