You can secure connections to the web user interface of
an integration node so that the web user interface is accessible
only over HTTPS.
About this task
When an integration node is created, connections
with the web user interface are not secured and the web user interface
is accessible over HTTP.
Complete the following steps from
the command environment to secure connections to the web user
interface so that the web user interface can be accessed only over
HTTPS.
Note: Securing the connections to the web user interface
does not control access to the web user interface. To control
access to the web user interface, you must enable administration
security, create web user accounts for your users, and define
roles and permissions; see
Controlling access to data and resources in the web user interface.
Procedure
- Enable SSL on the integration node by running the following
command:
mqsichangeproperties int_node -b webadmin -o server -n enableSSL -v true
where
int_node is the name of your integration
node.
- Configure the SSL port for the web user interface by running
the following command:
mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n port -v port_number
where
port_number is the port that you want to
use for SSL.
- Configure the web user interface with the path to the keystore:
mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n keystoreFile -v keystore_path
where
keystore_path is
the path to the keystore file.
The server certificate that is placed in the keystore
must contain the hostname in either the Common Name (CN) field, or
as a Subject Alternative Name.
- Configure the web user interface with the password
for the keystore by issuing the following commands:
mqsichangeproperties int_node -b webadmin -o HTTPSConnector -n keystorePass -v webadminkeystore::password
where webadminkeystore::password
is a fixed literal resource name to be used in the mqsisetdbparms command that
specifies the actual password.
-
mqsisetdbparms int_node -n webadminkeystore::password -u ignore -p password
- Stop and restart your integration node:
mqsistop int_node
mqsistart int_node
Results
Your web user interface is now accessible only over HTTPS.