Before you start: complete the following tasks:
The process is essentially the same as on Windows and UNIX.
This topic describes how to enable SSL at broker level; it can also
be done at integration server level for the SOAP nodes. See Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS) and Configuring SOAPRequest and SOAPAsyncRequest nodes to use SSL (HTTPS) for
a description of the process on distributed platforms.
To execute
the following commands, you can run the BIPCHPR job in the broker
component library.
- Define the location of the keystore. This example
shows how to define a keystore at broker level. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-o BrokerRegistry -
-n brokerKeystoreFile -
-v /u/csqpbrk/ssl/csqbrkKeystore.jks
- Define the location of the truststore. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsichangeproperties -
CSQPBRK -
-o BrokerRegistry -
-n brokerTruststoreFile -
-v /u/csqpbrk/ssl/csqbrkKeystore.jks
- Enable the HTTPS Connector. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsichangeproperties -
CSQPBRK –
-b httplistener -
-o HTTPListener -
-n enableSSLConnector -
-v true
- Optional: Enable client authentication. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsichangeproperties -
CSQPBRK –
-b httplistener -
-o HTTPSConnector -
-n clientAuth -
-v true
- Stop the broker. You must stop the broker before
you can define passwords.
- Define the keystore password. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsisetdbparms -
CSQPBRK –
-n brokerKeystore::password –
-u ignore -
-p changeit
- Define the truststore password. For example:
BPXBATSL PGM -
/usr/lpp/mqsi/V9R0M0/bin/-
mqsisetdbparms -
CSQPBRK –
-n brokerTruststore::password –
-u ignore -
-p changeit
- Start the broker.
- Verify and test your configuration.
Last updated Friday, 21 July 2017