Accessing a secure WSRR repository
To access a secure WebSphere® Service Registry and Repository (WSRR) repository, set the configuration parameters by using the mqsichangeproperties command.
About this task
You must connect over HTTPS, not HTTP, which is specified in the endpointAddress configuration parameter of the default WSRR profile, DefaultWSRR. The endpointAddress configuration parameter must specify the domain qualified host name and port of your WSRR server.
For more information about the endpointAddress configuration parameter, see Configuration parameters for the WebSphere Service Registry and Repository nodes.
To access a secure WebSphere Service Registry and Repository, enter the following sequence of commands:
Procedure
- Ensure that the integration node is running. If it is not, use the mqsistart command to start it.
- Use the ServiceRegistries configurable service to configure the integration node to use HTTPS to communicate with the WSRR server. You can view the current configuration parameters for the ServiceRegistries configurable service by using the following command:
  mqsireportproperties IBNODE -c ServiceRegistries -o DefaultWSRR -r
  where:
  -c specifies the configurable service (in this case, ServiceRegistries)
  -o specifies the name of the object (in this case, DefaultWSRR)
  -r specifies that all property values of the object are displayed, including the child values, if appropriate.
  To change the endpointAddress configuration parameter to specify HTTPS and the secure port for the DefaultWSRR of the ServiceRegistries configurable service, use the following command. The endpointAddress applies to the version of WSRR (for more information, see Configuration parameters for the WebSphere Service Registry and Repository nodes).
  mqsichangeproperties IBNODE -c ServiceRegistries -o DefaultWSRR -n endpointAddress -v https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort
  where:
  -c specifies the configurable service (in this case, ServiceRegistries)
  -o specifies the name of the object (in this case, DefaultWSRR)
  -n specifies the names of the properties to be changed (in this case, endpointAddress)
  -v specifies the values of properties defined by the -n parameter (in this case, https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort)
  Note: If the connection fails and reports the following message:
  BIP3680S: The following error was returned by WSRR: 'GSR0166E: An error occurred while trying to invoke the Web service
  ensure that you are using the correct domain qualified host name in the endpointAddress in the DefaultWSRR configurable service.
  For information about the specific levels of WSRR that are supported with IBM® Integration Bus, see IBM Integration Bus system requirements.
- Configure the integration node keystore to contain your WSRR server certificate keys; for a discussion of digital certificates, see Digital certificates. Obtain these certificate keys from the installation of the WebSphere Application Server that hosts your WSRR server. The integration node uses a single keystore, therefore, if your integration node also implements WS-Security, HTTPS, or SSL-secured WebSphere MQ, you might need to merge the provided keys into an existing keystore file. The integration node keystore is configured by using the mqsichangeproperties command to change configuration parameters for the integration node.
  Display the current configuration parameters of the integration node by using the following command:
  mqsireportproperties IBNODE -o BrokerRegistry -r
  where:
  -o specifies the name of the object (in this case, BrokerRegistry)
  -r specifies that all property values of the object are displayed, including the child values, if appropriate.
  To change the brokerKeystoreFile configuration parameters for the integration node, use the following command:
  mqsichangeproperties IBNODE -o BrokerRegistry -n brokerKeystoreFile -v C:\WSRR\SSL\ClientKeyFile.jks
  where:
  -o specifies the name of the object (in this case, BrokerRegistry)
  -n specifies the names of the properties to be changed (in this case, brokerKeystoreFile)
  -v specifies the values of properties defined by the -n parameter (in this case, C:\WSRR\SSL\ClientKeyFile.jks)
- Configure the integration node truststore to contain signer certificates for your WSRR server. As described previously for the keystore, the integration node uses a single truststore, therefore certificates might need to be merged into an existing truststore file. The integration node truststore is configured by using the mqsichangeproperties command.
  To change the brokerTruststoreFile configuration parameters for the integration node, use the following command:
  mqsichangeproperties IBNODE -o BrokerRegistry -n brokerTruststoreFile -v C:\WSRR\SSL\ClientTrustFile.jks
  where:
  -o specifies the name of the object (in this case, BrokerRegistry)
  -n specifies the names of the properties to be changed (in this case, brokerTruststoreFile)
  -v specifies the values of properties defined by the -n parameter (in this case, C:\WSRR\SSL\ClientTrustFile.jks)
- Stop the integration node by using the mqsistop command. You must stop the integration node to complete the following step.
- Set the WebSphere Application Server user name and password by using the following command:
  mqsisetdbparms IBNODE -n DefaultWSRR::WSRR -u wasuser -p waspass
  where:
  -n specifies the name of the data source (in this case, DefaultWSRR::WSRR)
  -u specifies the user ID to be associated with this data source (in this case, wasuser)
  -p specifies the password to be associated with this data source (in this case, waspass)
- Set the brokerKeystore user name and password by using the following command:
  mqsisetdbparms IBNODE -n brokerKeystore::password -u dummy -p WebAS
  where:
  -n specifies the name of the data source (in this case, brokerKeystore::password)
  -u specifies the user ID to be associated with this data source (in this case, dummy)
  -p specifies the password to be associated with this data source (in this case, WebAS)
- Set the brokerTrustStore user name and password by using the following command:
  mqsisetdbparms IBNODE -n brokerTruststore::password -u dummy -p WebAS
  where:
  -n specifies the name of the data source (in this case, brokerTruststore::password)
  -u specifies the user ID to be associated with this data source (in this case, dummy)
  -p specifies the password to be associated with this data source (in this case, WebAS)
- To use cache notification with your secure WSRR server, follow the instructions in Setting up cache notification.
- Restart the integration node by using the mqsistart command.
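
After the procedure, the endpointAddress value can be checked against the two requirements stated in this topic (HTTPS, and a domain qualified host name with a port). The following script is an added example, not IBM code; the function names and finding labels are hypothetical, and it assumes that mqsireportproperties prints each property as name='value' on its own line.

```shell
#!/bin/sh
# Added example (not IBM code): audit an endpointAddress value against the
# two requirements on this page: HTTPS, and a domain qualified host plus port.

# Pull endpointAddress out of report text on stdin, for example:
#   mqsireportproperties IBNODE -c ServiceRegistries -o DefaultWSRR -r | extract_endpoint
# Assumption: the report prints each property as name='value' on its own line.
extract_endpoint() {
  sed -n "s/^[[:space:]]*endpointAddress='\(.*\)'[[:space:]]*\$/\1/p" | head -n 1
}

# Print "ok" and return 0, or print the findings and return 1.
check_endpoint() {
  url=$1
  findings=""
  case $url in
    https://*) rest=${url#https://} ;;
    http://*)  rest=${url#http://}; findings=" scheme-not-https" ;;
    *)         echo "unparseable"; return 1 ;;
  esac
  hostport=${rest%%/*}              # drop the service path
  case $hostport in
    *:*) host=${hostport%:*}; port=${hostport##*:} ;;
    *)   host=$hostport; port="" ;;
  esac
  case $host in
    localhost|*[!A-Za-z0-9.-]*) findings="$findings host-not-domain-qualified" ;;
    *.*) ;;                         # has a domain part
    *)   findings="$findings host-not-domain-qualified" ;;  # empty or single label
  esac
  case $port in
    ""|*[!0-9]*) findings="$findings port-missing" ;;
  esac
  if [ -z "$findings" ]; then echo "ok"; return 0; fi
  echo "${findings# }"
  return 1
}

# Constructed sample report carrying the example value used on this page.
sample="DefaultWSRR
  endpointAddress='https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort'"
ep=$(printf '%s\n' "$sample" | extract_endpoint)
printf '%s: %s\n' "$ep" "$(check_endpoint "$ep" || true)"
```

The example value from this topic passes the scheme and port checks but is reported as host-not-domain-qualified, which is the condition the BIP3680S note asks you to rule out.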