Enable secure connection of web admin and authentication in broker on IBM ACE 12
What to cover:
Part 1:
1. Change properties on “node.conf.yaml” file.
2. Execute command to enable security.
Part 2:
1. Create p12 certificate file using IBM IKEYMAN.
2. Configure p12 certificate on “node.conf.yaml” file.
3. Execute command to set password for certificate file.
Part 1:
To enable username and password security on broker
Step 1:
Open “node.conf.yaml” file location on “C:\ProgramData\IBM\MQSI\components\<broker-name>\node.conf.yaml” in Windows environment. And under section of RestAdminListener uncomment the basicAuth to true and authorizationEnabled to true as seen on below screenshot and then saved the file. By default both are commented.
Step 2:
Execute below commands on console against your broker for following operations as mention.
- Create a web user account and password and specify the associated role (system user account)
mqsiwebuseradmin <broker-name> -c -u <username> -r <role> -a <password of user>
- Change the password for webuser1:
mqsiwebuseradmin <broker-name> -m -u <username> -a <password of user>
- Create a web user account for each user ID that is in the LDAP directory but not defined as a web user on the integration node:
mqsiwebuseradmin <broker-name> -c -u ‘*’ -x -r <role>
- Delete the web user account for webuser1:
mqsiwebuseradmin <broker-name> -d -u <username>
Step 3:
Restart the broker.
mqsistop <broker-name>
mqsistart <broker-name>
Step 4:
Check broker web admin in browser by request http://<server name>/<broker-port> that it required username and password or not. Login with the username and password you set through command. If not asking then follow whole process from step 1 again may be you miss something.
Part 2:
To enable secure HTTPS connection on broker web admin
Step 1:
Open IBM Key Management tool by typing just IBM Key you will see IBM Key management (Installation1) just click and open it. This tool come along with IBM integration bus from version 10 till now you no need to install this separate.
Step 2:
Click on Key Database File on top menu and then New.
Select PKCS12 then type name of the file you want with .p12 extension and Location where you want to store the file and then click Ok.
Step 3:
As see in below screenshot p.12 file is generated on my given location.
Step 4:
Open “node.conf.yaml” file location on “C:\ProgramData\IBM\MQSI\components\<broker-name>\node.conf.yaml” in Windows environment. And under section of RestAdminListener uncomment the sslCertificate and put complete path of p.12 file and also uncomment sslPasword and set “adminRestApi::sslpwd” as seen on below screenshot and then save the file. By default both are commented.
Step 5:
Now execute the below command on console against your broker.
mqsisetdbparms <broker-name> -n adminRestApi::sslpwd -u ignore -p <password of p12 file>
Step 6:
Restart the broker.
mqsistop <broker-name>
mqsistart <broker-name>
Step 7:
Check that web admin is working https mode or not.
