Configure the HTTPRequest node to communicate
with other applications that use HTTP over SSL by adding certificates
to the cacerts file and creating a message flow to make HTTP requests.
This topic describes the steps that you need to follow when configuring an HTTPRequest node on a Windows® system. The steps that you need to follow on other operating systems are almost identical.
To enable an HTTPRequest node to communicate using HTTP over SSL, an HTTPS server application is required. The information provided in this topic shows how to use the HTTPInput node for SSL as the server application, but the same details also apply when you are using any other server application.
cd "%MQSI_FILEPATH%\jre\lib\security"or
cd "%MQSI_FILEPATH%\jre15\lib\security"
/opt/IBM/mqsi/6.1/jre15/ppc64/lib/securityor
$MQSI_FILEPATH/jre15/ppc64/lib/security
Importing a certificate into the cacerts file
Use the keytool command to modify the cacerts file:
"%MQSI_FILEPATH%\jre\bin\keytool" -import -alias mykey -file name of certificate file -keystore cacerts -storepass changeitwhere:
If you must change the cacerts password, or if you must use a different trust store, you can pass the information to the broker's Java Virtual Machine (JVM) by setting the following environment variable:
On Windows, AIX®, and Linux®:
IBM_JAVA_OPTIONS= -Djavax.net.ssl.trustStore=<trustStore_path>/<trustStore_filename> -Djavax.net.ssl.trustStorePassword=<trustStore_password>
On Solaris and HP-UX:
_JAVA_OPTIONS= -Djavax.net.ssl.trustStore=<trustStore_path>/<trustStore_filename> -Djavax.net.ssl.trustStorePassword=<trustStore_password>
Use caution when using this environment variable, because if the setting is not valid, the broker's execution groups might be unable to create their JVM, and therefore cannot start successfully. Do not use the IBM_JAVA_OPTIONS (or _JAVA_OPTIONS) environment variable if you are also using SSL authentication with Real-time nodes, or with the WebSphere MQ Java™ Client.
"%MQSI_FILEPATH%\jre\bin\keytool" -export -alias mykey -file name of certificate file -keystore keystore file -storepass passwordwhere
The following message flow creates a generic message flow for converting a WebSphere MQ message into an HTTPRequest:
The message flow is now ready to be deployed to the broker and tested.
To test that the example works, complete the following steps: