Configure an integration server to refer to a keystore, a truststore, or both, before you deploy any message flows that require SSL connections, policy set or bindings for signature, encryption, or X.509 authentication, and before you enable services that use SSL connections, such as IBM® Cloud reporting services.
An integration server is a named grouping of message flows that have been assigned to an integration node. The integration node enforces a degree of isolation between message flows in distinct integration servers by ensuring that they run in separate address spaces, or as unique processes. For more information about integration servers, see Integration servers.
Integration server keystore and truststore runtime property values override equivalent property values on the integration node, if any are set.
Keystores can contain two kinds of entries: key entries and trusted certificate entries. If a keystore is used to contain trusted certificates, it is typically referred to as a truststore. IBM Integration Bus can refer to a keystore and a truststore per integration server. When the integration node is encrypting or decrypting, it uses entries in its keystore; if the integration node is verifying a signature or performing X.509 authentication, it uses entries in its truststore.
To display integration server level properties, run the command:
mqsireportproperties integrationNodeName -o ComIbmJVMManager -a -e integration_server
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager
-n keystoreFile
-v c:\keystore\server.keystore
where c:\keystore\server.keystore is
the fully qualified path to the Java™ keystore
(JKS), containing the private certificates that will be used by the
integration server. mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager
-n truststoreFile
-v c:\truststore\server.truststore
where c:\truststore\server.truststore is
the fully qualified path to the Java truststore
containing the public certificates that are required by the integration
server to establish trust with the services that it will connect to.mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n keystorePass
-v integration_server::keystorePass
mqsisetdbparms integrationNodeName -n integration_server::keystorePass -u na -p password
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststorePass
-v integration_server::truststorePass
mqsisetdbparms integrationNodeName -n integration_server::truststorePass -u na -p password
If you add new certificates to a keystore or truststore, to ensure that the new certificates are picked up, you must reload the Java virtual machine (JVM). You can reload the JVM by restarting the integration server.