Before you begin
complete the following tasks:
About this task
The process is essentially the same as on Windows and UNIX.
This topic describes how to enable SSL at integration node level;
it can also be done at integration server level for the SOAP nodes.
See Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS) and Configuring SOAPRequest and SOAPAsyncRequest nodes to use SSL (HTTPS) for
a description of the process on distributed platforms.
To execute
the following commands, you can run the BIPCHPR job in the integration
node component library.
Procedure
- Define the location of the keystore. This example
shows how to define a keystore at integration node level. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-o BrokerRegistry -
-n brokerKeystoreFile -
-v /u/csqpbrk/ssl/csqbrkKeystore.jks
- Define the location of the truststore. For
example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-o BrokerRegistry -
-n brokerTruststoreFile -
-v /u/csqpbrk/ssl/csqbrkKeystore.jks
- Enable the HTTPS Connector. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-b httplistener -
-o HTTPListener -
-n enableSSLConnector -
-v true
- Optional: Enable client authentication. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-b httplistener -
-o HTTPSConnector -
-n clientAuth -
-v true
- Stop the integration node. You must stop the
integration node before you can define passwords.
- Define the keystore password. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsisetdbparms -
CSQPBRK -
-n brokerKeystore::password -
-u ignore -
-p changeit
- Define the truststore password. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V10R0M0/bin/-
mqsisetdbparms -
CSQPBRK -
-n brokerTruststore::password -
-u ignore -
-p changeit
- Start the integration node.
- Verify and test your configuration.