Configure the integration node to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.
The only supported type of store is Java™ keystore (JKS).
Each instance of an integration node can be configured to refer to one keystore and one truststore.
The following properties of the integration node registry component must be defined correctly for policy sets and bindings:
If you want to check what security properties you have set for an integration node, use the mqsireportdbparms command.
To display all integration node registry values, run the command:
mqsireportproperties integrationNodeName -o BrokerRegistry -a
This returns entries like these:
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
mqsichangeproperties integrationNodeName -o BrokerRegistry
-n brokerKeystoreFile
-v c:\keystore\server.keystore
Where c:\keystore\server.keystore is
the keystore to be referenced. mqsichangeproperties integrationNodeName -o BrokerRegistry
-n brokerTruststoreFile
-v c:\truststore\server.truststore
Where c:\truststore\server.truststore is
the truststore to be referenced.mqsisetdbparms integrationNodeName
-n brokerKeystore::password
-u temp -p pa55word
The user ID, which can be any value, is not required
to access the keystore.mqsisetdbparms integrationNodeName
-n brokerTruststore::password
-u temp -p pa55word
The user ID, which can be any value, is not required
to access the keystore.mqsisetdbparms integrationNodeName
-n brokerTruststore::keypass::encKey
-u temp -p pa55word
The user ID, which can be any value, is not required
to access the keystore.