Configuring certificates for IBM MQ Appliance web UI
You can configure the IBM® MQ Appliance web UI to use certificates that you supply.
About this task
You use the appliance command line interface to configure the IBM MQ Appliance web UI to use your certificates.
To set up secure communication between a browser and the IBM MQ Appliance web UI and to handle certificates, you create an SSL server profile on the appliance. You import the required certificates and key file to the appliance, and create definition objects for them. The definition objects are used when you create an ID credentials (idcred) object for the appliance. The idcred is in turn used when you configure the SSL server profile. Finally, the SSL server profile is associated with your web management profile.
If you want to configure client validation, you import the certificates of the clients that are going to be allowed to connect. You then create definition objects for the certificates, which are used when you create a validation credential (valcred) object. The valcred object is in turn used when you configure the SSL server profile.
The example in this topic assumes that you have a signed certificate for the appliance. When
making certificate requests for an appliance, the CN part of the distinguished name must be the URL
that you type to reach the web UI. For example, myappliance1.ourcompany.com
. If you
want to set up the profile to validate connecting clients, you also require the relevant client
certificates.
By default the web management service listens on all of the appliance ports (local
address
set to 0.0.0.0). You can, however, configure the service so that it listens on an
IP address or host alias of a specific port (and so limit access to the web UI - see Changing the IBM MQ Appliance web UI IP address and port).