Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS)

Configure the SOAP nodes to communicate with other applications that use HTTPS by creating a keystore file, and configuring the integration server or integration node to use SSL.

Before you begin

Set up a public key infrastructure (PKI) at integration server level: Setting up a public key infrastructure.

About this task

Follow these steps to configure the SOAPInput and SOAPReply nodes to communicate with other applications by using HTTP over SSL:

  1. If you are using the integration node listener: Configure the integration node to use SSL.

    If you use an integration node listener, you must specify a default queue manager for the integration node. For more information, see Interaction between IBM App Connect Enterprise and IBM MQ.

  2. If you are using the integration server (embedded) listener: Configure an integration server to use SSL

If you configured your integration node and integration servers such that the integration node listener is used for some integration servers, and the integration server listener for other integration servers, you must complete step 1 for the first set of integration servers and step 2 for each integration server in the second set.

For more information about which listener to use for HTTP messages, see HTTP listeners.

Configuring an integration node to use SSL

If you want to use the integration node listener for HTTPS, configure values for the node's HTTP listener properties.

About this task

Complete the following steps:

Procedure

  1. Optional: If you do not want to use the default port 7083 for HTTPS messages, specify the port on which the integration node listens: 
    mqsichangeproperties integrationNodeName
  -b httplistener -o HTTPSConnector
  -n port -v Port_to_listen_on_for_https

    On UNIX systems, only processes that run under a privileged user account (in most cases, root) can bind to ports lower than 1024.

    For the integration node to listen on these ports, the user ID under which the integration node is started must be root.
  2. Optional: Enable Client Authentication (mutual authentication): 
    mqsichangeproperties integrationNodeName -b httplistener -o HTTPSConnector
  -n ReqClientAuth -v true
  3. Restart the integration node after you change one or more of the HTTP listener properties.
  4. Optional: Use the following commands to display HTTP listener properties: 
    mqsireportproperties integrationNodeName -b httplistener -o AllReportableEntityNames -a 
mqsireportproperties integrationNodeName -b httplistener -o HTTPListener -a 
mqsireportproperties integrationNodeName -b httplistener -o HTTPSConnector  -a