IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Configuring the HTTPRequest and HTTPAsyncRequest nodes to use SSL (HTTPS)

Configure the HTTPRequest or HTTPAsyncRequest nodes to communicate with other applications that use HTTP over SSL.

Before you start: Set up a public key infrastructure (PKI) at broker level: Setting up a public key infrastructure

This topic describes the steps that you need to follow when configuring an HTTPRequest node on a Windows system. The steps that you must follow on other operating systems are almost identical.

To enable an HTTPRequest node to communicate using HTTP over SSL, an HTTPS server application is required. The information provided in this topic shows how to use the HTTPInput node for SSL as the server application, but the same details also apply when you are using any other server application. You specify the appropriate SSL client Authentication key alias field (Key Alias) on the HTTPRequest node or HTTPAsyncRequest node when the server key store contains multiple certificates for the server.

Complete the following sub-tasks:
  1. Creating a message flow to make HTTPS requests
  2. Testing your example.
Parent topic: Securing message flows by using SSL configuration

Creating a message flow to make HTTPS requests

The following message flow creates a generic message flow for converting a WebSphere® MQ message into an HTTP Request:

  1. Create a message flow with the nodes MQInput->HTTPRequest->Compute->MQOutput.
  2. On the MQInput node, set the queue name to HTTPS.IN1 and create the WebSphere MQ queue.
  3. On the MQOutput node, set the queue name to HTTPS.OUT1 and create the WebSphere MQ queue.
  4. On the HTTPRequest node, set the Web Service URL to point to the HTTP server to call. To call the HTTPInput node, use https://localhost:7083/testHTTPS.
  5. Optional: On the SSL settings properties tab, select Enable certificate revocation list checking. For more information on Certificate Revocation List (CRL) checking see, Working with certificate revocation lists.
  6. On the Advanced properties tab of the HTTPRequest node, set the Response message location in tree property to OutputRoot.BLOB.
  7. On the Compute node, add the following ESQL code: 
    CREATE COMPUTE MODULE test_https_Compute
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        -- CALL CopyMessageHeaders();
        CALL CopyEntireMessage();
        set OutputRoot.HTTPResponseHeader = null;
        RETURN TRUE;
    END;

    CREATE PROCEDURE CopyMessageHeaders() BEGIN
        DECLARE I INTEGER;
        DECLARE J INTEGER;
        SET I = 1;
        SET J = CARDINALITY(InputRoot.*[]);
        WHILE I < J DO
            SET OutputRoot.*[I] = InputRoot.*[I];
            SET I = I + 1;
        END WHILE;
    END;

    CREATE PROCEDURE CopyEntireMessage() BEGIN
        SET OutputRoot = InputRoot;
    END;
END MODULE;

The message flow is now ready to be deployed to the broker and tested.

Testing your example

To test that the example works, complete the following steps:

  1. Follow the instructions in Configuring HTTPInput and HTTPReply nodes to use SSL (HTTPS), including testing the example.
  2. Deploy the HTTPRequest message flow.
  3. Put a message to the WebSphere MQ queue HTTPS.IN1. If successful, a message appears on the output queue. If the process fails, an error appears in the local error log (which is the event log on Windows).
Related concepts:
Security overview
Related tasks:
Implementing SSL authentication
Configuring HTTPInput and HTTPReply nodes to use SSL (HTTPS)
Creating a message flow
Defining message flow content
Creating ESQL for a node
Deploying resources
Related reference:
mqsichangeproperties command
mqsireportproperties command
HTTPRequest node
HTTPAsyncRequest node
HTTPInput node
HTTPReply node
ap12235_.htm | Last updated Friday, 21 July 2017