HTTPS configuration in IBM Integration Bus IIB 10

1 HTTPS Setup Broker Level

1.1 Configuring the broker to use SSL

Complete the following steps:

1. Turn on SSL support in the broker, by setting a value for enableSSLConnector

mqsichangeproperties brokerName -b httplistener -o HTTPListener -n enableSSLConnector -v true

2. Optional: If you do not want to use the default port 7083 for HTTPS messages, specify the port on which the broker listens:

mqsichangeproperties brokerName -b httplistener -o HTTPSConnector -n port -v PortNum

3. Restart the broker after changing one or more of the HTTP listener properties.

4. Optional: Use the following commands to display HTTP listener properties:

mqsireportproperties broker_name -b httplistener -o HTTPListener -a

mqsireportproperties broker_name -b httplistener -o HTTPSConnector -a

Configuring PKI at Integration Node Level

1. Start the integration node:

mqsistart integrationNodeName

2. Display the current settings of the integration node registry properties:

mqsireportproperties integrationNodeName -o BrokerRegistry –r

3. Set the keystore property:

mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerKeystoreFile -v install_dir\MyBrokerKeystore.jks

4. Set the truststore property:

mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerTruststoreFile -v install_dir\MyBrokerTruststore.jks

5. Stop the integration node:

mqsistop integrationNodeName

6. Set the password for the keystore:

mqsisetdbparms integrationNodeName -n brokerKeystore::password -u ignore -p keystore_pass

7. Set the password for the truststore:

mqsisetdbparms integrationNodeName -n brokerTruststore::password -u ignore -p truststore_pass

8. Start the integration node:

mqsistart integrationNodeName

9. Display and verify the integration node registry properties:

mqsireportproperties integrationNodeName -o BrokerRegistry -r

2 HTTPS Setup Server Level

mqsireportproperties IIB10NODE -e ISO8583 -o ExecutionGroup –r

Enable HTTP Node Listerner on Execution group Level

mqsireportproperties IIB10NODE -e ISO8583 -o ExecutionGroup -n httpNodesUseEmbeddedListener –v true

Change the SSL protocol. The default protocol for the integration server’s HTTPS connections is TLS. Run the following command to change it to SSL:

mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n sslProtocol -v SSL

Specify a specific port on which the integration server listens for HTTPS requests, or leave the value unset to use the next available port number.

mqsichangeproperties IIB10NODE –e ISO8583 -o HTTPSConnector -n explicitlySetPortNumber -v 7200

Configure the integration server listens for HTTPS with the path to the keystore:

mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystoreFile -v D:/IBM/JSKey.jks

Set keystore type:

mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystoreType -v JKS

Set keystore password:

mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystorePass -v abcd@1234

mqsichangeproperties IIB10NODE -e ISO8583 -o ComIbmJVMManager -n keystoreFile -v D:/IBM/JSKey.jks

mqsichangeproperties IIB10NODE -e ISO8583 -o ComIbmJVMManager -n keystoreType -v JKS

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adil Abdullah

Adil Abdullah

Currently working as Full stack Java developer for Swedish company Easit AB. Working on Java and IBM stack.