HTTPS configuration in IBM Integration Bus IIB 10
1 HTTPS Setup Broker Level
1.1 Configuring the broker to use SSL
Complete the following steps:
1. Turn on SSL support in the broker, by setting a value for enableSSLConnector
mqsichangeproperties brokerName -b httplistener -o HTTPListener -n enableSSLConnector -v true
2. Optional: If you do not want to use the default port 7083 for HTTPS messages, specify the port on which the broker listens:
mqsichangeproperties brokerName -b httplistener -o HTTPSConnector -n port -v PortNum
3. Restart the broker after changing one or more of the HTTP listener properties.
4. Optional: Use the following commands to display HTTP listener properties:
mqsireportproperties broker_name -b httplistener -o HTTPListener -a
mqsireportproperties broker_name -b httplistener -o HTTPSConnector -a
Configuring PKI at Integration Node Level
1. Start the integration node:
mqsistart integrationNodeName
2. Display the current settings of the integration node registry properties:
mqsireportproperties integrationNodeName -o BrokerRegistry –r
3. Set the keystore property:
mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerKeystoreFile -v install_dir\MyBrokerKeystore.jks
4. Set the truststore property:
mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerTruststoreFile -v install_dir\MyBrokerTruststore.jks
5. Stop the integration node:
mqsistop integrationNodeName
6. Set the password for the keystore:
mqsisetdbparms integrationNodeName -n brokerKeystore::password -u ignore -p keystore_pass
7. Set the password for the truststore:
mqsisetdbparms integrationNodeName -n brokerTruststore::password -u ignore -p truststore_pass
8. Start the integration node:
mqsistart integrationNodeName
9. Display and verify the integration node registry properties:
mqsireportproperties integrationNodeName -o BrokerRegistry -r
2 HTTPS Setup Server Level
mqsireportproperties IIB10NODE -e ISO8583 -o ExecutionGroup –r
Enable HTTP Node Listerner on Execution group Level
mqsireportproperties IIB10NODE -e ISO8583 -o ExecutionGroup -n httpNodesUseEmbeddedListener –v true
Change the SSL protocol. The default protocol for the integration server’s HTTPS connections is TLS. Run the following command to change it to SSL:
mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n sslProtocol -v SSL
Specify a specific port on which the integration server listens for HTTPS requests, or leave the value unset to use the next available port number.
mqsichangeproperties IIB10NODE –e ISO8583 -o HTTPSConnector -n explicitlySetPortNumber -v 7200
Configure the integration server listens for HTTPS with the path to the keystore:
mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystoreFile -v D:/IBM/JSKey.jks
Set keystore type:
mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystoreType -v JKS
Set keystore password:
mqsichangeproperties IIB10NODE -e ISO8583 -o HTTPSConnector -n keystorePass -v abcd@1234
mqsichangeproperties IIB10NODE -e ISO8583 -o ComIbmJVMManager -n keystoreFile -v D:/IBM/JSKey.jks
mqsichangeproperties IIB10NODE -e ISO8583 -o ComIbmJVMManager -n keystoreType -v JKS