Viewing and setting keystore and truststore runtime properties at integration node level
Configure the integration node to refer to a keystore, a truststore, or both, before deploying any message flows that require policy sets or bindings for signature, encryption, or X.509 Authentication.
About this task
Keystores and truststores are both keystores. They differ only in the way they are used.
- Put all private keys and public key certificates (PKC) in the keystore.
- Put all trusted root certificate authority (CA) certificates in the truststore. These certificates are used to establish the trust of any inbound public key certificates.
The only supported type of store is Java™ keystore (JKS).
Each instance of an integration node can be configured to refer to one keystore and one truststore.
The following properties of the integration node registry component must be defined correctly for policy sets and bindings:
If you want to check what security properties you have set for an integration node, use the mqsireportdbparms command.
Listing existing integration node registry entries
About this task
To display all integration node registry values, run the command:
mqsireportproperties integrationNodeName -o BrokerRegistry -a
This returns entries like these:
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
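The following check of that listing is an added example, not part of the original documentation or of the product. It parses the name='value' lines and reports any required store whose file is unset or whose type is not JKS. The function names, the constructed sample text, and the assumption that each Pass property should name the store's ::password resource are illustrative.

```python
import re

STORES = ("brokerKeystore", "brokerTruststore")
LINE = re.compile(r"^\s*(\w+)='(.*)'\s*$")

def parse_registry(report: str) -> dict:
    """Turn name='value' lines of the report into a dict; other lines are ignored."""
    props = {}
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_registry(props: dict, required=STORES) -> list:
    """Return findings for the required stores; an empty list means they are referenced."""
    findings = []
    for store in required:
        file_, type_, pw = (props.get(store + s) for s in ("File", "Type", "Pass"))
        if not file_:
            findings.append(f"{store}File is not set")
        if type_ != "JKS":  # JKS is the only supported store type
            findings.append(f"{store}Type is {type_!r}, expected 'JKS'")
        # Assumption: the Pass property names the resource set with mqsisetdbparms.
        if pw != f"{store}::password":
            findings.append(f"{store}Pass is {pw!r}, expected '{store}::password'")
    return findings

# Constructed sample: the listing above, before any store file is configured.
SAMPLE_UNSET = """\
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
"""

if __name__ == "__main__":
    for finding in check_registry(parse_registry(SAMPLE_UNSET)):
        print("FINDING:", finding)
```

Pass required=("brokerKeystore",) or required=("brokerTruststore",) when the deployed flows need only one of the two stores.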
Updating the integration node reference to a keystore
About this task
mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerKeystoreFile -v c:\keystore\server.keystore
Where c:\keystore\server.keystore is the keystore to be referenced.
Updating the integration node reference to a truststore
About this task
mqsichangeproperties integrationNodeName -o BrokerRegistry -n brokerTruststoreFile -v c:\truststore\server.truststore
Where c:\truststore\server.truststore is the truststore to be referenced.
Updating the integration node with the keystore password
About this task
mqsisetdbparms integrationNodeName -n brokerKeystore::password -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.
Updating the integration node with the truststore password
About this task
mqsisetdbparms integrationNodeName -n brokerTruststore::password -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.
Updating the integration node with a private key password
About this task
mqsisetdbparms integrationNodeName -n brokerTruststore::keypass::encKey -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.