Securing connections to the web user interface

You can secure connections to the web user interface of an integration node so that the web user interface is accessible only over HTTPS.

Before you begin

You must have a public key infrastructure and access to the keystore and password; see Setting up a public key infrastructure.

About this task

When an integration node is created, connections with the web user interface are not secured and the web user interface is accessible over HTTP.

Complete the following steps from the command environment to secure connections to the web user interface so that the web user interface can be accessed only over HTTPS.
Note: Securing the connections to the web user interface does not control access to the web user interface. To control access to the web user interface, you must enable administration security, create web user accounts for your users, and define roles and permissions; see Controlling access to data and resources in the web user interface.

Procedure

  1. Enable SSL on the integration node by running the following command: 
    mqsichangeproperties int_node -b webadmin -o server -n enableSSL -v true
    where int_node is the name of your integration node.
  2. Configure the SSL port for the web user interface by running the following command: 
    mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n port -v port_number
    where port_number is the port that you want to use for SSL.
  3. Configure the web user interface with the path to the keystore: 
    mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n keystoreFile -v keystore_path
    where keystore_path is the path to the keystore file.

    The server certificate that is placed in the keystore must contain the hostname in either the Common Name (CN) field, or as a Subject Alternative Name.

  4. Configure the web user interface with the password for the keystore by issuing the following commands: 
    1. mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n keystorePass -v webadminkeystore::password
      where webadminkeystore::password is a fixed literal resource name to be used in the mqsisetdbparms command that specifies the actual password. 
    2. mqsisetdbparms int_node  -n webadminkeystore::password -u ignore -p password
  5. Stop and restart your integration node: 
    mqsistop int_node
mqsistart int_node

Results

Your web user interface is now accessible only over HTTPS.