WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Viewing and setting keystore and truststore runtime properties at execution group level

Configure an execution group to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.

An execution group is a named grouping of message flows that have been assigned to a broker. The broker enforces a degree of isolation between message flows in distinct execution groups by ensuring that they run in separate address spaces, or as unique processes. For more information about execution groups, see Execution groups.

Execution group keystore and truststore runtime property values override equivalent property values on the broker, if any are set.

Keystores can contain two kinds of entries: key entries and trusted certificate entries. If a keystore is used to contain trusted certificates, it is typically referred to as a truststore. WebSphere® Message Broker can refer to a keystore and a truststore per execution group. When the broker is encrypting or decrypting, it uses entries in its keystore; if the broker is verifying a signature or performing X.509 authentication, it uses entries in its truststore.

The following sample demonstrates the use of viewing and setting keystore and truststore runtime properties at execution group level: You can view information about samples only when you use the information center that is integrated with the WebSphere Message Broker Toolkit or the online information center. You can run samples only when you use the information center that is integrated with the WebSphere Message Broker Toolkit.

Displaying execution group level properties

To display execution group level properties, run the command:

mqsireportproperties broker_name -o ComIbmJVMManager -a -e execution_group

Updating the execution group reference to a keystore

To update the broker reference to a keystore at an execution group level, use the following command:
mqsichangeproperties broker_name -e execution_group -o ComIbmJVMManager 
  –n  keystoreFile 
  -v c:\keystore\server.keystore,JKS 
where c:\keystore\server.keystore,JKS is a Java™ keystore (JKS).

Updating the execution group reference to a truststore

To update the broker reference to a truststore at an execution group level, use the following command:
mqsichangeproperties broker_name -e execution_group -o ComIbmJVMManager 
  –n  truststoreFile 
  -v c:\truststore\server.truststore 
where c:\truststore\server.truststore is the truststore to be referenced.

Updating the keystore and truststore passwords

The commands used to update the keystore and truststore passwords at execution group level are the same as those used when setting keystore and truststore runtime properties at broker level.
To use the default broker password for the keystore, the keystorePass parameter must be blank, or it must be set to brokerKeystore::password. To use a password other than the default broker password, use the following commands:
mqsichangeproperties broker_name -e execution_group -o ComIbmJVMManager -n keystorePass 
-v execution_group::keystorePass

mqsisetdbparms broker_name -n execution_group::keystorePass -u na -p password
To use the default broker password for the truststore, the truststorePass parameter must be blank, or it must be set to brokerTruststore::password. To use a password other than the default broker password, use the following commands:
mqsichangeproperties broker_name -e execution_group -o ComIbmJVMManager -n truststorePass 
-v execution_group::truststorePass

mqsisetdbparms broker_name -n execution_group::truststorePass -u na -p password

Adding new certificates to a keystore or truststore

If you add new certificates to a keystore or truststore, to ensure that the new certificates are picked up, you must reload the Java virtual machine (JVM). You can reload the JVM by restarting the execution group.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:46:26


Task topicTask topic | Version 8.0.0.7 | ac56640_