IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Accessing a secure WSRR repository

To access a secure WebSphere® Service Registry and Repository (WSRR) repository, set the configuration parameters by using the mqsichangeproperties command.

You must connect over HTTPS, not HTTP. The protocol is specified in the endpointAddress configuration parameter of the default WSRR profile, DefaultWSRR. The endpointAddress configuration parameter must also specify the domain qualified host name and port of your WSRR server.

For more information about the endpointAddress configuration parameter, see Configuration parameters for the WebSphere Service Registry and Repository nodes.

To access a secure WebSphere Service Registry and Repository, enter the following sequence of commands:

  1. Ensure that the broker is running. If it is not, use the mqsistart command to start it.
  2. Use the ServiceRegistries configurable service to configure the broker to use HTTPS to communicate with the WSRR server. You can view the current configuration parameters for the ServiceRegistries configurable service by using the following command:
    mqsireportproperties IB9NODE -c ServiceRegistries -o DefaultWSRR -r
    where:

    -c specifies the configurable service (in this case, ServiceRegistries)
    -o specifies the name of the object (in this case, DefaultWSRR)
    -r specifies that all property values of the object are displayed, including the child values, if appropriate.

    To change the endpointAddress configuration parameter to specify HTTPS and the secure port for the DefaultWSRR of the ServiceRegistries configurable service, use the following command. The endpointAddress value is specific to the version of WSRR (for more information, see Configuration parameters for the WebSphere Service Registry and Repository nodes).
    mqsichangeproperties IB9NODE -c ServiceRegistries -o DefaultWSRR -n endpointAddress -v https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort
    where:

    -c specifies the configurable service (in this case, ServiceRegistries)
    -o specifies the name of the object (in this case, DefaultWSRR)
    -n specifies the names of the properties to be changed (in this case, endpointAddress)
    -v specifies the values of properties defined by the -n parameter (in this case, https://localhost:9443/WSRR6_1/services/WSRRCoreSDOPort)

    Note: If the connection fails and reports the following message:
    BIP3680S: The following error was returned by WSRR: 'GSR0166E: An error occurred while trying to invoke the Web service
    ensure that you are using the correct domain qualified host name in the endpointAddress in the DefaultWSRR configurable service.

    For information about the specific levels of WSRR that are supported with IBM® Integration Bus, see IBM Integration Bus Requirements.

  3. Configure the broker keystore to contain your WSRR server certificate keys (for a discussion of digital certificates, see Digital certificates). Obtain these certificate keys from the installation of the WebSphere Application Server that hosts your WSRR server. The broker uses a single keystore; therefore, if your broker also implements WS-Security, HTTPS, or SSL-secured WebSphere MQ, you might need to merge the provided keys into an existing keystore file. Configure the broker keystore by using the mqsichangeproperties command to change configuration parameters for the broker. Display the current configuration parameters of the broker by using the following command:
    mqsireportproperties IB9NODE -o BrokerRegistry -r
    where:

    -o specifies the name of the object (in this case, BrokerRegistry)
    -r specifies that all property values of the object are displayed, including the child values, if appropriate.

    To change the brokerKeystoreFile configuration parameter for the broker, use the following command:
    mqsichangeproperties IB9NODE -o BrokerRegistry -n brokerKeystoreFile -v C:\WSRR\SSL\ClientKeyFile.jks
    where:

    -o specifies the name of the object (in this case, BrokerRegistry)
    -n specifies the names of the properties to be changed (in this case, brokerKeystoreFile)
    -v specifies the values of properties defined by the -n parameter (in this case, C:\WSRR\SSL\ClientKeyFile.jks)

  4. Configure the broker truststore to contain signer certificates for your WSRR server. As described previously for the keystore, the broker uses a single truststore; therefore, certificates might need to be merged into an existing truststore file. The broker truststore is configured by using the mqsichangeproperties command. To change the brokerTruststoreFile configuration parameter for the broker, use the following command:
    mqsichangeproperties IB9NODE -o BrokerRegistry -n brokerTruststoreFile -v C:\WSRR\SSL\ClientTrustFile.jks
    where:

    -o specifies the name of the object (in this case, BrokerRegistry)
    -n specifies the names of the properties to be changed (in this case, brokerTruststoreFile)
    -v specifies the values of properties defined by the -n parameter (in this case, C:\WSRR\SSL\ClientTrustFile.jks)

  5. Stop the broker by using the mqsistop command. You must stop the broker to complete the following step.
  6. Set the WebSphere Application Server user name and password by using the following command:
    mqsisetdbparms IB9NODE -n DefaultWSRR::WSRR -u wasuser -p waspass
    where:

    -n specifies the name of the data source (in this case, DefaultWSRR::WSRR)
    -u specifies the user ID to be associated with this data source (in this case, wasuser)  
    -p specifies the password to be associated with this data source (in this case, waspass)

  7. Set the brokerKeystore user name and password by using the following command:
    mqsisetdbparms IB9NODE -n brokerKeystore::password -u dummy -p WebAS
    where:

    -n specifies the name of the data source (in this case, brokerKeystore::password)  
    -u specifies the user ID to be associated with this data source (in this case, dummy)  
    -p specifies the password to be associated with this data source (in this case, WebAS)

  8. Set the brokerTruststore user name and password by using the following command:
    mqsisetdbparms IB9NODE -n brokerTruststore::password -u dummy -p WebAS
    where:

    -n specifies the name of the data source (in this case, brokerTruststore::password)  
    -u specifies the user ID to be associated with this data source (in this case, dummy)  
    -p specifies the password to be associated with this data source (in this case, WebAS)

  9. To use cache notification with your secure WSRR server, follow the instructions in Setting up cache notification.
  10. Restart the broker by using the mqsistart command.
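
The following check is an added example, not part of the IBM documentation: a POSIX shell pre-flight for step 2 that extracts endpointAddress from mqsireportproperties output and verifies that it uses HTTPS, a domain qualified host name, and an explicit port. The name='value' report layout, the function names, and the host wsrr01.example.com are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample report text; the name='value' layout is an assumption.
SAMPLE_REPORT="ServiceRegistries
  DefaultWSRR
    endpointAddress='http://wsrr01:9080/WSRR6_1/services/WSRRCoreSDOPort'
    needCache='true'"

# get_prop NAME: read report text on stdin, print the value of property NAME.
get_prop() {
    sed -n "s/^[[:space:]]*$1='\(.*\)'[[:space:]]*\$/\1/p" | head -n 1
}

# check_endpoint URL
# Returns 0 = ok, 1 = not HTTPS, 2 = host not domain qualified, 3 = no port.
check_endpoint() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "endpointAddress is not HTTPS: $url" >&2; return 1 ;;
    esac
    authority=${url#https://}      # drop the scheme
    authority=${authority%%/*}     # drop the path
    authority=${authority##*@}     # drop any userinfo
    case $authority in
        *:*) host=${authority%:*}; port=${authority##*:} ;;
        *)   host=$authority; port= ;;
    esac
    # Domain qualified: contains a dot and is not a bare IPv4 literal.
    case $host in
        *[!0-9.]*.*|*.*[!0-9.]*) ;;
        *) echo "host '$host' is not a domain qualified name" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "no numeric port in '$authority'" >&2; return 3 ;;
    esac
    return 0
}

# Against a live broker (command taken from step 2):
#   mqsireportproperties IB9NODE -c ServiceRegistries -o DefaultWSRR -r \
#       | get_prop endpointAddress
```

A localhost or short host name returns status 2, which is the condition the BIP3680S note in step 2 asks you to rule out.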

ac56150_.htm | Last updated Friday, 21 July 2017