WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Configure WebSphere® Message Broker on z/OS® for SSL

Define the location of the keystore and truststore, set passwords, and enable SSL.

The process is essentially the same as on Windows and UNIX. This topic describes how to enable SSL at broker level; it can also be done at execution group level for the SOAP nodes. See Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS) and Configuring SOAPRequest and SOAPAsyncRequest nodes to use SSL (HTTPS) for a description of the process on distributed platforms.

To execute the following commands, you can run the BIPCHPR job in the broker component library.

  1. Define the location of the keystore. This example shows how to define a keystore at broker level. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -                          
      -o BrokerRegistry -                
      -n brokerKeystoreFile -              
      -v /u/csqpbrk/ssl/csqbrkKeystore.jks
  2. Define the location of the truststore. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK -                          
      -o BrokerRegistry -                
      -n brokerTruststoreFile -              
      -v /u/csqpbrk/ssl/csqbrkKeystore.jks
  3. Enable the HTTPS Connector. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK –
      -b httplistener -                         
      -o HTTPListener -                
      -n enableSSLConnector -              
      -v true
  4. Optional: Enable client authentication. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsichangeproperties -               
      CSQPBRK –
      -b httplistener -                         
      -o HTTPSConnector -                
      -n clientAuth -              
      -v true
  5. Stop the broker. You must stop the broker before you can define passwords.
  6. Define the keystore password. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsisetdbparms -               
      CSQPBRK –
      -n brokerKeystore::password –
      -u ignore - 
      -p changeit 
  7. Define the truststore password. For example:
    BPXBATSL PGM -                       
      /usr/lpp/mqsi/V8R0M0/bin/-     
    mqsisetdbparms -               
      CSQPBRK –
      -n brokerTruststore::password –
      -u ignore - 
      -p changeit
  8. Start the broker.
  9. Verify and test your configuration.
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:47:26


Task topicTask topic | Version 8.0.0.7 | ap34026_