Configuring SSL or TLS for an integration node or server

You configure SSL or TLS for your IBM® App Connect Enterprise integration node or server by modifying properties in a .yaml configuration file. You also use the mqsisetdbparms command to set a password.

Before you begin

  • Start an instance of the IBM App Connect Enterprise command console. You can use the console to create a username and password by issuing the mqsisetdbparms command.

Procedure

  1. Use a YAML editor to open the .yaml configuration file for your integration node or server.

    If you do not have access to a YAML editor, you can edit the file by using a plain text editor; however, you must ensure that you do not include any tab characters, which are not accepted in YAML and would cause your configuration to fail. If you choose to use a plain text editor, ensure that you use a YAML validation tool to validate the content of your file.

    For more information about working with YAML, see http://www.yaml.org/start.html.

  2. Uncomment the following lines in the .yaml file:
    #sslCertificate: '/path/to/serverPKCS.p12'  ...
    #sslPassword: 'adminRestApi::sslpwd'        ...

    Where adminRestApi::sslpwd is the default resource name to be specified on the mqsisetdbparms command.

    You can specify values inside or without single quotes (see note 1). Also note the comments in the .yaml file about values to specify for the type of server certificate that you want to use.

  3. In the line that starts sslCertificate, specify the file path to the server certificate on your system.
    For example, to use a p12 certificate:
    sslCertificate: '/Work/ACEv11/certificates/ssl/key.p12'   # See comment below 
  4. To use a pem certificate, in the line that starts sslPassword specify the file path to the pem file.
    For example:
    sslPassword: '/Work/ACEv11/certificates/ssl/cakey.pem'   # See comment below 
  5. Save the .yaml file.
    The properties that you set in the .yaml file take effect when the integration node or server is started. If you modify these properties again, you must also restart the integration node or server.
  6. To use a p12/pfx certificate, run the mqsisetdbparms command to specify the password for your server certificate.
    • Ensure that you specify the resource name on the -n parameter as adminRestApi::sslpwd to match the sslPassword value in the .yaml file.
    • The -u (username) value is ignored.
    For example:
    mqsisetdbparms -w c:\workdir\ACEServ1 -n adminRestApi::sslpwd -u dummy -p password 
  7. Restart the integration node or server for the changes to take effect.
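
A check that can be run on the edited file before the restart, as an added example that is not part of the IBM documentation: it flags tab characters, properties that are still commented out, and an sslPassword value that does not match the certificate type described in steps 4 and 6. The function name `check_tls_config`, the sample text, and the rule that a value containing `::` is an mqsisetdbparms resource name are assumptions made for this example.

```python
import re

# Uncommented "key: value" line for the two properties named in the procedure;
# a trailing "# comment" is ignored.
_PROP = re.compile(r"^\s*(sslCertificate|sslPassword)\s*:\s*(.*?)\s*(?:#.*)?$")


def check_tls_config(text):
    """Return a list of findings for the TLS lines of a .yaml configuration file."""
    findings = []
    props = {}
    for n, line in enumerate(text.splitlines(), 1):
        if "\t" in line:
            findings.append(f"line {n}: tab character (not accepted in YAML)")
        m = _PROP.match(line)
        if m:
            # Values may be written with or without quotes.
            props[m.group(1)] = m.group(2).strip("'\"")

    cert = props.get("sslCertificate")
    pwd = props.get("sslPassword")
    if not cert:
        findings.append("sslCertificate is missing or still commented out")
    if not pwd:
        findings.append("sslPassword is missing or still commented out")

    if cert and pwd:
        is_p12 = cert.lower().endswith((".p12", ".pfx"))
        is_resource = "::" in pwd  # assumption: resource names look like a::b
        if is_p12 and not is_resource:
            findings.append("p12/pfx certificate: sslPassword should name the "
                            "resource set with mqsisetdbparms -n")
        if not is_p12 and is_resource:
            findings.append("pem certificate: sslPassword should be the path "
                            "to the pem file")
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE = (
    "sslCertificate: '/Work/ACEv11/certificates/ssl/key.p12'   # See comment below\n"
    "sslPassword: 'adminRestApi::sslpwd'\n"
)

if __name__ == "__main__":
    for finding in check_tls_config(SAMPLE) or ["no findings"]:
        print(finding)
```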

What to do next

When you use the IBM App Connect Enterprise Toolkit to create a connection to the integration node or server, ensure that you select the Use HTTPS check box in the Create connection wizard.

Note 1: To be more explicit about the string values, you should put the values inside quotes.