IBM Integration Bus, Version 10.0.0.0 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Configure IBM® Integration Bus on z/OS® for SSL

Define the location of the keystore and truststore, set passwords, and enable SSL.

Before you begin

complete the following tasks:

About this task

The process is essentially the same as on Windows and UNIX. This topic describes how to enable SSL at integration node level; it can also be done at integration server level for the SOAP nodes. See Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS) and Configuring SOAPRequest and SOAPAsyncRequest nodes to use SSL (HTTPS) for a description of the process on distributed platforms.

To execute the following commands, you can run the BIPCHPR job in the integration node component library.

Procedure

  1. Define the location of the keystore. This example shows how to define a keystore at integration node level. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -                          
      -o BrokerRegistry -                
      -n brokerKeystoreFile -              
      -v /u/csqpbrk/ssl/csqbrkKeystore.jks
  2. Define the location of the truststore. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -                          
      -o BrokerRegistry -                
      -n brokerTruststoreFile -              
      -v /u/csqpbrk/ssl/csqbrkKeystore.jks
  3. Enable the HTTPS Connector. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -
      -b httplistener -                         
      -o HTTPListener -                
      -n enableSSLConnector -              
      -v true
  4. Optional: Enable client authentication. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -
      -b httplistener -                         
      -o HTTPSConnector -                
      -n clientAuth -              
      -v true
  5. Stop the integration node. You must stop the integration node before you can define passwords.
  6. Define the keystore password. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsisetdbparms -               
      CSQPBRK -
      -n brokerKeystore::password -
      -u ignore - 
      -p changeit 
  7. Define the truststore password. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V10R0M0/bin/-     
    mqsisetdbparms -               
      CSQPBRK -
      -n brokerTruststore::password -
      -u ignore - 
      -p changeit
  8. Start the integration node.
  9. Verify and test your configuration.

ap34026_.htm | Last updated 2015-03-27 19:27:15