Configure the integration node to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.
The only supported type of store is Java™ keystore (JKS).
Each instance of an integration node can be configured to refer to one keystore and one truststore.
The following properties of the integration node registry component must be defined correctly for policy sets and bindings:
To check what security properties you have set for an integration node, use the mqsireportdbparms command.
To display all integration node registry values, run the following command:
mqsireportproperties integrationNodeName -o BrokerRegistry -a
This command returns entries like these:
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
mqsichangeproperties integrationNodeName -o BrokerRegistry
-n brokerKeystoreFile
-v c:\keystore\server.keystore
Where
c:\keystore\server.keystore is the keystore to be referenced. mqsichangeproperties integrationNodeName -o BrokerRegistry
-n brokerTruststoreFile
-v c:\truststore\server.truststore
Where
c:\truststore\server.truststore is the truststore to be referenced.mqsireportdbparms integrationNodeName
-n brokerKeystore::password
-u temp -p pa55word
The
user ID, which can be any value, is not required to access the keystore.mqsisetdbparms integrationNodeName
-n brokerTruststore::password
-u temp -p pa55word
The
user ID, which can be any value, is not required to access the keystore.mqsisetdbparms integrationNodeName
-n brokerTruststore::keypass::encKey
-u temp -p pa55word
The
user ID, which can be any value, is not required to access the keystore.