Accessing a secure WSRR repository

To access a secure WebSphere® Service Registry and Repository (WSRR) repository, set the configuration parameters by using the mqsichangeproperties command.

About this task

You must connect over HTTPS, not HTTP, which is specified in the endpointAddress configuration parameter of the default WSRR profile, DefaultWSRR. The endpointAddress configuration parameter must specify the domain qualified host name and port of your WSRR server.

For more information about the endpointAddress configuration parameter, see Configuration parameters for the WebSphere Service Registry and Repository nodes.

To access a secure WebSphere Service Registry and Repository, enter the following sequence of commands:

Procedure

  1. Ensure that the integration node is running. If it is not, use the mqsistart command to start it.
  2. Use the ServiceRegistries configurable service to configure the integration node to use HTTPS to communicate with the WSRR server. You can view the current configuration parameters for the ServiceRegistries configurable service by using the following command: 
    mqsireportproperties IBNODE -c ServiceRegistries -o DefaultWSRR -r
    where:
    -c specifies the configurable service (in this case, ServiceRegistries)
    -o specifies the name of the object (in this case, DefaultWSRR)
    -r specifies that all property values of the object are displayed, including the
    child values, if appropriate.
    To change the endpointAddress configuration parameter to specify HTTPS and the secure port for the DefaultWSRR of the ServiceRegistries configurable service, use the following command. The endpointAddress applies to the version of WSRR (for more information, see Configuration parameters for the WebSphere Service Registry and Repository nodes).
    mqsichangeproperties IBNODE -c ServiceRegistries -o DefaultWSRR 
-n endpointAddress 
-v https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort
    where:
    -c specifies the configurable service (in this case, ServiceRegistries)  
    -o specifies the name of the object (in this case, DefaultWSRR)  
    -n specifies the names of the properties to be changed
    (in this case, endpointAddress)  
    -v specifies the values of properties defined by the -n parameter
    (in this case, https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort)
    Note: If the connection fails and reports the following message:
    BIP3680S: The following error was returned by WSRR: 'GSR0166E: An error occurred while trying to invoke the Web service
    ensure that you are using the correct domain qualified host name in the endpointAddress in the DefaultWSRR configurable service.

    For information about the specific levels of WSRR that are supported with IBM® Integration Bus, see IBM Integration Bus system requirements.

  3. Configure the integration node keystore to contain your WSRR server certificate keys; for a discussion of digital certificates, see Digital certificates. Obtain these certificate keys from the installation of the WebSphere Application Server that hosts your WSRR server. The integration node uses a single keystore, therefore, if your integration node also implements WS-Security, HTTPS, or SSL-secured WebSphere MQ, you might need to merge the provided keys into an existing keystore file. The integration node keystore is configured by using the mqsichangeproperties command to change configuration parameters for the integration node. Display the current configuration parameters of the integration node by using the following command: 
    mqsireportproperties IBNODE -o BrokerRegistry -r
    where:
    -o specifies the name of the object (in this case, BrokerRegistry)
    -r specifies that all property values of the object are displayed, including the
    child values, if appropriate.
    To change the brokerKeystoreFile configuration parameters for the integration node, use the following command:
    mqsichangeproperties IBNODE -o BrokerRegistry 
-n brokerKeystoreFile -v C:\WSRR\SSL\ClientKeyFile.jks
    where:
    -o specifies the name of the object (in this case, BrokerRegistry)  
    -n specifies the names of the properties to be changed (in this case, brokerKeystoreFile)  
    -v specifies the values of properties defined by the -n parameter
    (in this case, C:\WSRR\SSL\ClientKeyFile.jks)
  4. Configure the integration node truststore to contain signer certificates for your WSRR server. As described previously for the keystore, the integration node uses a single truststore, therefore certificates might need to be merged into an existing truststore file. The integration node truststore is configured by using the mqsichangeproperties command. To change the brokerTruststoreFile configuration parameters for the integration node, use the following command: 
    mqsichangeproperties IBNODE -o BrokerRegistry 
-n brokerTruststoreFile -v C:\WSRR\SSL\ClientTrustFile.jks
    where:
    -o specifies the name of the object
    (in this case, BrokerRegistry)  
    -n specifies the names of the properties to be changed
    (in this case, brokerTruststoreFile)  
    -v specifies the values of properties defined by the -n parameter
    (in this case, C:\WSRR\SSL\ClientTrustFile.jks)
  5. Stop the integration node by using the mqsistop command.
    You must stop the integration node to complete the following step.
  6. Set the WebSphere Application Server user name and password by using the following command: 
    mqsisetdbparms IBNODE -n DefaultWSRR::WSRR -u wasuser -p waspass
    where:
    -n specifies the name of the data source
    (in this case, DefaultWSRR::WSRR)  
    -u specifies the user ID to be associated with this data source (in this case, wasuser)  
    -p specifies the password to be associated with this data source (in this case, waspass)
  7. Set the brokerKeystore user name and password by using the following command: 
    mqsisetdbparms IBNODE -n brokerKeystore::password -u dummy -p WebAS
    where:
    -n specifies the name of the data source (in this case, brokerKeystore::password)  
    -u specifies the user ID to be associated with this data source (in this case, dummy)  
    -p specifies the password to be associated with this data source (in this case, WebAS)
  8. Set the brokerTrustStore user name and password by using the following command: 
    mqsisetdbparms IBNODE -n brokerTruststore::password -u dummy 
-p WebAS
    where:
    -n specifies the name of the data source (in this case, brokerTruststore::password)  
    -u specifies the user ID to be associated with this data source (in this case, dummy)  
    -p specifies the password to be associated with this data source (in this case, WebAS)
  9. To use cache notification with your secure WSRR server, follow the instructions in Setting up cache notification.
  10. Restart the integration node by using the mqsistart command.