Configuring SOAPInput and SOAPReply nodes to use SSL (HTTPS)

Configure the SOAP nodes to communicate with other applications that use HTTPS by creating a keystore file, and configuring the integration node to use SSL.

Before you begin

Set up a public key infrastructure (PKI) at integration node or integration server level; see Setting up a public key infrastructure.

About this task

Follow these steps to configure the SOAPInput and SOAPReply nodes to communicate with other applications using HTTP over SSL:

  1. If you are using the integration node listener: Configure the integration node to use SSL.
  2. If you are using the integration server (embedded) listener: Configure an integration server to use SSL.

If you configured your integration node and integration servers such that the integration node listener is used for some integration servers, and the integration server listener for other integration servers, you must complete step 1 for the first set of integration servers and step 2 for each integration server in the second set.

For information about which listener to use for HTTP messages, see HTTP listeners.

Configuring the integration node to use SSL

About this task

Complete the following steps:

Procedure

  1. Turn on SSL support in the integration node by setting enableSSLConnector to true:
    mqsichangeproperties integrationNodeName
      -b httplistener -o HTTPListener 
      -n enableSSLConnector -v true
  2. Optional: If you do not want to use the default port 7083 for HTTPS messages, specify the port on which the integration node listens:
    mqsichangeproperties integrationNodeName
      -b httplistener -o HTTPSConnector
      -n port -v Port_to_listen_on_for_https

    On UNIX systems, only processes that run under a privileged user account (in most cases, root) can bind to ports lower than 1024.

    For the integration node to listen on these ports, the user ID under which the integration node is started must be root.
  3. Optional: Enable Client Authentication (mutual authentication):
    mqsichangeproperties integrationNodeName -b httplistener -o HTTPSConnector
      -n clientAuth -v true 
  4. Restart the integration node after changing one or more of the HTTP listener properties.
  5. Optional: Use the following commands to display HTTP listener properties:
    mqsireportproperties integrationNodeName -b httplistener -o AllReportableEntityNames -a 
    mqsireportproperties integrationNodeName -b httplistener -o HTTPListener -a 
    mqsireportproperties integrationNodeName -b httplistener -o HTTPSConnector  -a 

Configuring an integration server to use SSL

About this task

Complete the following steps:

Procedure

  1. Optional: Specify the port on which the integration server listens for HTTPS requests, or leave the value unset to use the next available port number:
    mqsichangeproperties integrationNodeName
      -e integration_server_name -o HTTPSConnector
      -n explicitlySetPortNumber -v port_number
    On UNIX systems, only processes that run under a privileged user account (in most cases, root) can bind to ports lower than 1024. For the integration server to listen on these ports, the user ID under which the integration node is started must be root.

    If you do not complete this step, the first available port in the default range (7843 - 7884) is used.

  2. Optional: Enable Client Authentication (mutual authentication):
    mqsichangeproperties integrationNodeName
      -e integration_server_name -o HTTPSConnector
      -n clientAuth -v true 
  3. Optional: Change the SSL protocol.
    The default protocol for the HTTPInput node is TLS. Run the following command to change it to SSL:
    mqsichangeproperties integrationNodeName
      -e integration_server_name -o HTTPSConnector
      -n sslProtocol -v SSL
  4. Restart the integration node after changing one or more of the listener properties.
  5. Optional: Use the following command to display HTTPS properties:
    mqsireportproperties integrationNodeName 
      -e integration_server_name -o HTTPSConnector  -r
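
The HTTPSConnector report from the final step of either procedure can be checked against the settings described above. The following script is an added example, not part of the product documentation: it assumes the report lists each property as name='value', and the function names and sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved `mqsireportproperties ... -o HTTPSConnector` output.
# Assumption: properties are reported one per line as name='value'.

# Print the value of property $1 from the report text in $2 (empty if unset).
prop() {
  printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1='\(.*\)'[[:space:]]*\$/\1/p" | head -n 1
}

# Print one finding per line for report text $1; return 1 if anything was flagged.
audit_https_connector() {
  rc=0
  proto=$(prop sslProtocol "$1")
  auth=$(prop clientAuth "$1")
  # Node listener reports `port`; integration server reports `explicitlySetPortNumber`.
  port=$(prop port "$1")
  [ -n "$port" ] || port=$(prop explicitlySetPortNumber "$1")

  case $proto in
    ''|TLS*) ;;                       # unset means the default, TLS
    *) echo "WARN sslProtocol='$proto' overrides the TLS default"; rc=1 ;;
  esac
  if [ "$auth" != "true" ]; then
    echo "INFO clientAuth is not 'true': mutual authentication is not enabled"; rc=1
  fi
  case $port in
    ''|*[!0-9]*) ;;                   # unset or non-numeric: nothing to check
    *) if [ "$port" -lt 1024 ]; then
         echo "WARN port $port is below 1024: the integration node must be started as root"; rc=1
       fi ;;
  esac
  return $rc
}

# Constructed sample reports (not captured from a real system).
SAMPLE_WEAK="HTTPSConnector
  uuid='HTTPSConnector'
  explicitlySetPortNumber='443'
  clientAuth=''
  sslProtocol='SSL'"
SAMPLE_OK="HTTPSConnector
  uuid='HTTPSConnector'
  port='7083'
  clientAuth='true'
  sslProtocol='TLS'"

audit_https_connector "$SAMPLE_WEAK" || true
audit_https_connector "$SAMPLE_OK" && echo "OK no findings"
```

To audit a live listener, pass the saved output of the mqsireportproperties command to audit_https_connector in place of the sample text.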