Configuring the IBM App Connect Enterprise web user interface

You can use the node.conf.yaml and server.conf.yaml configuration files to configure the port that is used to connect to the web user interface, and to secure the connection.

1. Open the node.conf.yaml or server.conf.yaml configuration file for your integration node or server, by using a YAML editor.

   If you do not have access to a YAML editor, you can edit the file by using a plain text editor; however, you must ensure that you do not include any tab characters, which are invalid characters in YAML and would cause your configuration to fail. If you are using a plain text editor, ensure that you use a YAML validation tool to validate the content of your file.

Set the RestAdminListener properties, which control the settings for the web user interface:

2. Set the port property to the port that will be used by the web user interface and the IBM App Connect Enterprise Toolkit. By default, this port is set to 4414.
3. Optional: If you want to secure the connection, set the following properties:
   1. Set host: 'hostname'
      Specify the host name where the integration node or integration server is running.
   2. If you want to use basic authentication for users logging in to the web user interface, uncomment the following property:

      basicAuth: true

      Specify whether clients require a web user name and password (true or false).

      You will also need to create at least one username and password, by running the mqsicredentials (or mqsiwebuseradmin) command as described in the later step section "Additional steps for security configuration".

   3. If you want to use SSL or TLS to secure the connection:
      Set the following properties:

      sslCertificate

      Specify the path to the server certificate store, in the form /path/to/serverPKCS.p12.

      If you are using a .pem certificate, the sslCertificate is the full path to the server certificate key.

      If you are using .p12 or .pfx certificate, the sslCertificate is the full path to the server certificate store file.

      sslPassword

      Specify either the name of a keystore type credential if you use the mqsicredentials command or the server certificate password alias, in the form adminRestApi::sslpwd if you use the mqsisetdbparms command. .

      If you are using a .pem certificate, the sslPassword is the full path to the server private key, which must be a standard private key and not an encrypted one.

      If you are using .p12 or .pfx certificate, the sslPassword is the passphrase or alias to the passphrase of the certificate store.

      You will also need to set the password to be used for your server certificate, by running the mqsicredentials (or mqsisetdbparms) command as described in the later step section "Additional steps for security configuration".

   4. If you want to use SSL client certificates (mutual authentication):

      requireClientCert

      Specify whether a certificate is to be requested from the client (true or false).

      caPath

      Specify the file path that contains certificate authority certificates; all files in this path will be read.

4. If you want to view message flow statistics in the web user interface, you must also enable the reporting of message flow statistics and accounting data, as described in Configuring the collection of message flow statistics by using a .yaml configuration file. The web user interface consumes message flow statistics and accounting data in JSON format, which means that you must include json as one of the values in the outputFormat property in the .conf.yaml configuration file.
5. If you want to view resource statistics in the web user interface, you must enable the reporting of these statistics as described in Managing resource statistics collection.
6. Save the .yaml file. The properties that you set in the .yaml file take effect when the integration node or server is started. If you modify these properties again, you must also restart the integration node or server.
7. Restart the integration node or server for the changes to take effect.

Additional steps for security configuration:

8. If you set basicAuth: true, create one or more usernames and passwords that users should specify when starting the web user interface.
   In the IBM App Connect Enterprise command console, create a username and password by issuing the mqsiwebuseradmin command. For example:

   mqsiwebuseradmin -w c:\workdir\ACEServ1 -u admin -a password -c

   For more information about configuring basic authentication, see Configuring HTTP basic authentication for an integration node or server.

9. If you set sslCertificate and sslPassword to use SSL or TLS to secure the connection
   In the IBM App Connect Enterprise command console, use the mqsicredentials command to set the password to be used for your server certificate. For example:

   mqsicredentials --work-dir c:\workdir\ACEServ1 --create --credentialType keystore --credentialName sslpwd --password password   

   You do not need to specify a username. Ensure that you set the sslPassword property in the node.conf.yaml or server.conf.yaml configuration file to the value that you specify for credentialType in the command.

   Alternatively, you can use the mqsisetdbparms command. For example:

   mqsisetdbparms -w c:\workdir\ACEServ1 -n adminRestApi::sslpwd -u dummy -p password 

   For more information about configuring use of SSL or TLS to secure the connection, see Configuring SSL or TLS for an integration node or server.