You configure SSL or TLS for your IBM® App Connect Enterprise integration node or server
by modifying properties in a .yaml configuration
file. You also use the mqsisetdbparms command to set
a password.
Before you begin
- Start an instance of the IBM App Connect Enterprise command
console. You can use the console to create a username and password
by issuing the mqsisetdbparms command.
Procedure
- Use a YAML editor to open the .yaml configuration
file for your integration node or server.
If you do
not have access to a YAML editor, you can edit the file by using a
plain text editor; however, you must ensure that you do not include
any tab characters, which are not accepted in YAML and would cause
your configuration to fail. If choose to use a plain text editor,
ensure that you use a YAML validation tool to validate the content
of your file.
For more information about working with YAML,
see http://www.yaml.org/start.html.
- Uncomment the following lines in the .yaml file:
#sslCertificate: '/path/to/serverPKCS.p12' ...
#sslPassword: 'adminRestApi::sslpwd' ...
Where adminRestApi::sslpwd
is the default resource name to be specified on the
mqsisetdbparms command.
You can specify values inside or without single quotes1. Also note the comments in the
.yaml file about values to specify for the type of server certificate that you
want to use.
- In the line that starts
SslCertificate
, specify the file path to the
server certificate on your system.
For example, to use a p12
certificate:
sslCertificate: '/Work/ACEv11/certificates/ssl/key.p12' # See comment below
- To use a pem certificate, in the line that starts
SslPassword
specify
the file path to the pem file. For
example:
sslPassword: '/Work/ACEv11/certificates/ssl/cakey.pem' # See comment below
- Save the .yaml file.
The
properties that you set in the .yaml file take
effect when the integration node or server is started. If you modify
these properties again, you must also restart the integration node
or server.
- To use a p12/pfx certificate, run the mqsisetdbparms command to specify the password for your server certificate.
- Ensure that you specify the resource name on the -n parameter as
adminRestApi::sslpwd
to match the sslPassword
value in the
.yaml file.
- The -u (username) value is ignored.
For
example:
mqsisetdbparms -w c:\workdir\ACEServ1 -n adminRestApi::sslpwd -u dummy -p password
- Restart the integration node or server for the changes
to take effect.
What to do next
When
you use the IBM App Connect
Enterprise Toolkit to create a connection to the integration node
or server, ensure that you select the Use HTTPS check box in the Create
connection wizard.