Configure an integration server to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.
An integration server is a named grouping of message flows that have been assigned to an integration node. The integration node enforces a degree of isolation between message flows in distinct integration servers by ensuring that they run in separate address spaces, or as unique processes. For more information about integration servers, see Integration servers.
Integration server keystore and truststore runtime property values override equivalent property values on the integration node, if any are set.
Keystores can contain two kinds of entries: key entries and trusted certificate entries. If a keystore is used to contain trusted certificates, it is typically referred to as a truststore. IBM® Integration Bus can refer to a keystore and a truststore per integration server. When the integration node is encrypting or decrypting, it uses entries in its keystore; if the integration node is verifying a signature or performing X.509 authentication, it uses entries in its truststore.
To display integration server level properties, run the command:
mqsireportproperties integrationNodeName -o ComIbmJVMManager -a -e integration_server
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager
-n keystoreFile
-v c:\keystore\server.keystore,JKS
where c:\keystore\server.keystore,JKS is
a Java™ keystore (JKS). mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager
-n truststoreFile
-v c:\truststore\server.truststore
where c:\truststore\server.truststore is
the truststore to be referenced.mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n keystorePass
-v integration_server::keystorePass
mqsisetdbparms integrationNodeName -n integration_server::keystorePass -u na -p password
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststorePass
-v integration_server::truststorePass
mqsisetdbparms integrationNodeName -n integration_server::truststorePass -u na -p password
If you add new certificates to a keystore or truststore, to ensure that the new certificates are picked up, you must reload the Java virtual machine (JVM). You can reload the JVM by restarting the integration server.