Configure secure connection of HTTPS and consume HTTPS Services/API in broker and EG level on IBM ACE 12

What to cover:

1. Create JKS file using Keyman tool.

Step 1:

Open IBM Keyman tool by typing on Start menu “IBM Keyman”. It comes along with installation of IBM IIB or ACE by default you no need to download o install seperatly. But version must be above 10

Step 2:

IBM Key management look like below as in screenshot. Now click on Key Database File on top menu and then click on New.

Step 3:

Now on Key database type select JKS on File Name write name of the file you want with .jks extension and last on Location select using Browse button where you want to store jks file and then click Ok to save the file.

Step 4:

Now set password for the file by default it is changeit you can set any password you want and then click Ok.

Step 5:

Now go to folder location where you store your JKS and check weather jks file is created or not on that location. In my case jks file name is Sample.JKS which is created on location whose I’ve given while creating.

Step 6:

Now again open Key management tool and open that JKS file which we’ve created and select Personal Certificate from Key Database content dropdown and then click on New Self-Signed.

Step 7:

After click on New Self Signed on last step now input all the information required as you see in screenshot. Now need to fill whole form input only those information which is written on text not on screenshot and then click Ok.

Step 8:

After filling all the information in last step your self signed certificate will be created in this step as seen on below screenshot. In my case it is named as test-cert under Personal Certificate section.

Step 9:

Now come toward broker/EG level part. Go to broker or EG directory in your system and locate node.conf.yaml for broker or server.conf.yaml for execution group. In Windows OS broker or execution group directory exist in following location if not set during creation otherwise if you set another during creation time then go on that location.

Step 10:

Copy and paste below yaml content on conf.yaml file between security tag and below MQTT tag. In below content the file path mention is my given path in your case it should be your given path and password also would be which you have set.

Step 11:

In this step just take any sample rest API which is HTTPS configured means TLS/SSL secure connection. Execute URL on browser and check their TLS/SSL version through browser.

Step 12:

Click on lock icon which is shown on left side or URL. Click on it and check certificate details.

Step 13:

Select Details tab and click Ok.

Step 14:

Click Copy to File and click on Ok.

Step 15:

Just click on Next.

Step 16:

Check on first option of DER encoded and then click Next.

Step 17:

Browse the location where you want to save the file and click on Next.

Step 18:

Certificate file will be extract at the location which I’ve given. You can check on the location which you’ve given weather its created or not.

Step 19:

Now again come toward Keyman tool and select Signer Certificate from Key database content dropdown menu and then click on Add button.

Step 20:

Browse the location where you’ve saved the certificate extract from rest API through browser and click Ok.

Step 21:

Now input certificate label name what ever you want to give for that certificate for identification and click Ok.

Step 22:

This is last step as extracted certificate are now added on our JKS file as shown in below screenshot with the label name which we’ve given in last step.



Currently working as Full stack Java developer at Contour Software. Working on Java and IBM stack.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adil Abdullah

Currently working as Full stack Java developer at Contour Software. Working on Java and IBM stack.