IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Viewing and setting keystore and truststore runtime properties at integration server level

Configure an integration server to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.

An integration server is a named grouping of message flows that have been assigned to a broker. The broker enforces a degree of isolation between message flows in distinct integration servers by ensuring that they run in separate address spaces, or as unique processes. For more information about integration servers, see Integration servers.

Integration server keystore and truststore runtime property values override equivalent property values on the broker, if any are set.

Keystores can contain two kinds of entries: key entries and trusted certificate entries. If a keystore is used to contain trusted certificates, it is typically referred to as a truststore. IBM® Integration Bus can refer to a keystore and a truststore per integration server. When the broker is encrypting or decrypting, it uses entries in its keystore; if the broker is verifying a signature or performing X.509 authentication, it uses entries in its truststore.

The following sample demonstrates how to view and set keystore and truststore runtime properties at integration server level: You can view information about samples only when you use the product documentation that is integrated with the IBM Integration Toolkit or the online product documentation. You can run samples only when you use the product documentation that is integrated with the IBM Integration Toolkit.

Displaying integration server level properties

To display integration server level properties, run the command:

mqsireportproperties broker_name -o ComIbmJVMManager -a -e integration_server

Updating the integration server reference to a keystore

To update the broker reference to a keystore at an integration server level, use the following command:

mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n keystoreFile -v c:\keystore\server.keystore,JKS

where c:\keystore\server.keystore,JKS is a Java™ keystore (JKS).

Updating the integration server reference to a truststore

To update the broker reference to a truststore at an integration server level, use the following command:

mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n truststoreFile -v c:\truststore\server.truststore

where c:\truststore\server.truststore is the truststore to be referenced.

Updating the keystore and truststore passwords

The commands used to update the keystore and truststore passwords at integration server level are the same as those used when setting keystore and truststore runtime properties at broker level.
To use the default broker password for the keystore, the keystorePass parameter must be blank, or it must be set to brokerKeystore::password. To use a password other than the default broker password, use the following commands:

mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n keystorePass -v integration_server::keystorePass

mqsisetdbparms broker_name -n integration_server::keystorePass -u na -p password

To use the default broker password for the truststore, the truststorePass parameter must be blank, or it must be set to brokerTruststore::password. To use a password other than the default broker password, use the following commands:

mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n truststorePass -v integration_server::truststorePass

mqsisetdbparms broker_name -n integration_server::truststorePass -u na -p password
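
The following script is an added example, not part of the IBM documentation. It reads the output of the mqsireportproperties command shown under "Displaying integration server level properties" and reports, for each store, whether a file is set at integration server level and which of the password forms described above is in use. It assumes the report prints one name='value' pair per line; the sample report and the integration server name "default" are constructed.

```shell
#!/bin/sh
# Added example (not IBM code). Assumption: the report prints name='value' lines.

# Constructed sample of a report for an integration server named "default".
sample_report() {
cat <<'EOF'
ComIbmJVMManager
  keystoreFile='c:\keystore\server.keystore,JKS'
  keystorePass='default::keystorePass'
  truststoreFile=''
  truststorePass=''
EOF
}

# prop_value NAME: print the value of NAME from a report on stdin.
prop_value() {
    sed -n "s/^[[:space:]]*$1='\(.*\)'[[:space:]]*\$/\1/p" | head -n 1
}

# classify_pass KIND VALUE: how the keystore|truststore password resolves.
classify_pass() {
    case "$1" in
        keystore)   default_alias='brokerKeystore::password' ;;
        truststore) default_alias='brokerTruststore::password' ;;
        *) echo "unknown-kind"; return 1 ;;
    esac
    case "$2" in
        ''|"$default_alias") echo "broker-default" ;;
        *::"${1}Pass")       echo "server-alias" ;;  # needs a matching mqsisetdbparms entry
        *)                   echo "review" ;;        # not a form the page describes
    esac
}

# audit_report FILE: one summary line per store.
audit_report() {
    for kind in keystore truststore; do
        file=$(prop_value "${kind}File" < "$1")
        pass=$(prop_value "${kind}Pass" < "$1")
        if [ -n "$file" ]; then src="set-at-server"; else src="not-set-at-server"; fi
        echo "$kind file=$src pass=$(classify_pass "$kind" "$pass")"
    done
}

# Demo on the constructed sample.
report=$(mktemp) && sample_report > "$report" && audit_report "$report"
rm -f "$report"
```

A "server-alias" result shows only that the property names an alias; it does not confirm that the matching mqsisetdbparms entry exists. A "review" result means the value is neither blank, the broker default, nor an alias of the form shown above.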

Adding new certificates to a keystore or truststore

If you add new certificates to a keystore or truststore, to ensure that the new certificates are picked up, you must reload the Java virtual machine (JVM). You can reload the JVM by restarting the integration server.


ac56640_.htm | Last updated Friday, 21 July 2017