This topic explains how to configure the HTTPInput and HTTPReply nodes to communicate with other applications using HTTP over SSL.
WebSphere Message Broker includes a Java Runtime Environment (JRE) that supplies a keystore manipulation program called keytool. To invoke this command, complete the following steps:
The keystore is now created and is ready for use by the broker.
The broker requires several properties to be set to make use of HTTP over SSL. All of these properties can be changed using the mqsichangeproperties command. Change the properties as follows:
Ensure that all of these properties are set with correct values for your system. Only the enableSSLConnector property has to be set. The other three properties have default values. However, it is advisable to change these default values. The mqsichangeproperties command lists the default values for all the properties.
The simplest message flow that demonstrates the HTTPS functionality is one that contains an HTTPInput node connected directly to an HTTPReply node.
The two important properties to set on the HTTPInput node are:
/* means that the HTTPInput node will match against any request that is sent to the http listener on a designated port. This is useful for testing purposes, but is not recommended for production.
You can now deploy the message flow to the broker. If all other steps have been followed up to this point, a BIP3132 message should appear in the local system log (this is the event log on Windows) stating that the https listener has been started.
You can now test the system.
The simplest method of testing whether HTTPS is configured correctly is to use a web browser to make a request to the broker over HTTPS.
https://localhost:7083/testHTTPS
Change any values in the URL to reflect changes you have made in your broker configuration. When a pop-up window appears asking you to accept the certificate, select yes to any questions. The browser should then refresh and display the structure of an empty HTML page. In Mozilla browsers this will look like the following example:
<html> <body/> </html>
and in Internet Explorer the following information should be displayed:
XML document must have a top level element. Error processing resource 'https://localhost:7083/testHTTPS'
These responses mean that a blank page was returned, showing that the setup worked correctly. To add content to the page that is returned, you can add a Compute node to the flow.
You can use another HTTPS client to process HTTPS requests. Read the documentation for the client to find out how it should be configured to make client connections over SSL.
Another HTTPS client, such as a Java or .net client, could be used instead of the web browser. Depending on the type of client, the certificate that was created with keytool might have to be exported from the http listener’s keystore file and then imported into that client’s own keystore. Consult the client documentation to find out how you should configure the client to make client connections over SSL.
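The following Java client is an added example, not code from the original topic or from IBM. It shows a client that trusts only the certificate exported from the HTTP listener's keystore, so the connection is verified instead of accepted through a prompt. The class name, the command-line arguments and the truststore file (assumed to have been created by importing the exported certificate with keytool) are assumptions; the default URL is the test URL used above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Added example. Usage:
//   java BrokerHttpsClient <truststore-file> <truststore-password> [url]
// The password is taken from the command line only to keep the example short.
public class BrokerHttpsClient {

    // Build an SSLContext that trusts ONLY the certificates in the given truststore,
    // not the JRE's default set of certificate authorities.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate is sent
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: BrokerHttpsClient <truststore> <password> [url]");
            System.exit(2);
        }
        URL url = new URL(args.length > 2 ? args[2] : "https://localhost:7083/testHTTPS");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(contextFor(args[0], args[1].toCharArray()).getSocketFactory());
        // The default hostname check is left in place: a certificate whose name
        // does not match the host in the URL is rejected as well.
        try {
            System.out.println("HTTP status: " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // Raised when the broker's certificate is not in the truststore.
            System.err.println("Broker certificate not trusted: " + e.getMessage());
            System.exit(1);
        } finally {
            conn.disconnect();
        }
    }
}
```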