Share via


Renew Cryptographic Keys for Message Queuing

Applies To: Windows Server 2008

You can use this procedure to renew cryptographic key pairs for Message Queuing. Renew a cryptographic key pair for Message Queuing to generate a new private key and associated public key in Active Directory Domain Services.This public/private key pair can be used to encrypt and decrypt Message Queuing messages.

Only the user who installed Message Queuing has the permissions needed to renew the cryptographic keys. Review the details in "Additional considerations" in this topic.

To renew cryptographic keys for Message Queuing

  1. Click Start, point to Run, type compmgmt.msc, and press ENTER to display the Computer Management MMC console.

  2. In the console tree, right-click Message Queuing.

    Where?

    • Computer Management/Services and Applications/Message Queuing
  3. Click Properties.

  4. In the Message Queuing Properties dialog box, click the Service Security tab, and under Cryptographic keys, click Renew.

    A warning appears stating that received messages may be encrypted with a cryptographic key different from the one that your computer currently has. You will not be able to read those messages. You will be asked whether you want to continue.

  5. If not being able to read those messages is acceptable, click Yes. Or, if it is not acceptable, click No and renew your cryptographic key at some other time.

Additional considerations

  • Only the user who installed Message Queuing has the permissions needed to renew the cryptographic keys. If Message Queuing is installed in workgroup mode, and then the computer joins a domain, only domain administrators are allowed to renew the cryptographic keys.

  • This task does not apply to dependent clients and Message Queuing computers installed in workgroup mode.

Additional references