kaki |
Posted: Tue Jan 25, 2011 10:59 am Post subject: HTTP SSL issues |
|
|
Newbie
Joined: 04 May 2006 Posts: 5
|
Hi All,
My Environment is WMB61, FP3, AIX
I have some existing HTTP flows running without SSL. I need to create a new flow with SSL implemented on HTTP Request and HTTP Input/Reply.
Flow Design
HTTP Input-->Compute Node-->HTTP Request--->HTTP Reply
I applied SSL on HTTP Request node using
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreFile -v /home/KDB
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreFile -v /home/KDB
mqsisetdbparms BRKR1 -n brokerkeystore::password -u MB -p passwort
mqsisetdbparms BRKR1 -n brokerTruststore::password -u MB -p passwort
Bounced the broker.
My flow worked fine with HTTP Request SSL.
Now I did the configuration for HTTP Input/Reply using
wmbadm@wbidev1:adm> mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
wmbadm@wbidev1:adm> mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -nkeystoreFile -v /home/KDB
wmbadm@wbidev1:adm> mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n keystorePass -v passwort
wmbadm@wbidev1:adm> mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n port -v 7777
Bounced the broker.
Now my new interface is not working and the existing interfaces are also impacted.
Could you please let me know where the mistake is?
Thanks |
gag_nm |
Posted: Tue Jan 25, 2011 11:16 pm Post subject: |
|
|
Centurion
Joined: 16 Oct 2008 Posts: 102
|
Hi Kaki,
In the commands below you did not mention the file name with its extension.
Quote: |
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreFile -v /home/KDB
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreFile -v /home/KDB |
Suppose your keystore name is key.jks, then it should be something like
Quote: |
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreFile -v /home/KDB/key.jks
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreFile -v /home/KDB/key.jks |
You need to execute the commands below to set the keystore file type.
Quote: |
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreType -v JKS
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreType -v JKS
|
Quote: |
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreType -v JKS
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystoreFile -v /home/KDB/key.jks
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerKeystorePass -v passwort
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreType -v JKS
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststoreFile -v /home/KDB/key.jks
mqsichangeproperties BRKR1 -o BrokerRegistry -n brokerTruststorePass -v passwort
mqsistop BRKR1 -- Stop Broker
Run the commands below
mqsisetdbparms BRKR1 -n brokerKeystore::password -u MB -p passwort
mqsisetdbparms BRKR1 -n brokerTruststore::password -u MB -p passwort
mqsistart BRKR1 -- start Broker
Run the steps below for HTTPInput/Reply
mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n keystoreType -v JKS -- you missed this step
mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n keystoreFile -v /home/KDB/key.jks
mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n keystorePass -v passwort
mqsichangeproperties BRKR1 -b httplistener -o HTTPSConnector -n port -v 7777
|
Then check the registry. You can do that with the following commands,
and verify all the properties which you have set.
mqsireportproperties BRKR1 -o BrokerRegistry -a
mqsireportproperties BRKR1 -b httplistener -o HTTPSConnector -a |
kaki |
Posted: Wed Jan 26, 2011 9:43 am Post subject: HTTP SSL issues |
|
|
Newbie
Joined: 04 May 2006 Posts: 5
|
Thanks Gag.
1. Is it mandatory to have the extension .jks at the end for the Key/Trust store databases?
2. Is it mandatory to set "brokerKeystoreType"?
I am seeing on my Broker
BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='/home/KDB'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='/home/KDB'
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
operationMode='
3. When I run the command below, HTTP flows were impacted. Why?
mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
Appreciate your help.
Thanks, |
fjb_saper |
Posted: Wed Jan 26, 2011 8:02 pm Post subject: Re: HTTP SSL issues |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
kaki wrote: |
Thanks Gag.
3. When i run below command HTTP flows were impacted. Why?
mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
Appreciated your help.
Thanks, |
Did you use a different port for https and http?
_________________
MQ & Broker admin
gag_nm |
Posted: Wed Jan 26, 2011 8:54 pm Post subject: |
|
|
Centurion
Joined: 16 Oct 2008 Posts: 102
|
kaki |
Posted: Fri Jan 28, 2011 12:18 am Post subject: HTTP SSL issues |
|
|
Newbie
Joined: 04 May 2006 Posts: 5
|
Thanks Saper and Gag.
Saper, I am using different ports for HTTP (7082) and HTTPS (changed to 7804 now).
I ran the commands recommended by Gag and also changed the KDB to KDB.jks.
I see these properties now
:trace> mqsireportproperties BRKR1 -b httplistener -o HTTPSConnector -a
HTTPSConnector
uuid='HTTPSConnector'
algorithm='Platform Default'
clientAuth='Platform Default'
keystoreFile='/home/KDB.jks'
keystorePass='*********'
keystoreType='JKS'
sslProtocol='Platform Default'
ciphers='Platform Default'
address=''
port='7804'
allowTrace=''
maxPostSize=''
acceptCount=''
bufferSize=''
compressableMimeTypes=''
compression=''
connectionLinger=''
connectionTimeout=''
maxHttpHeaderSize=''
maxKeepAliveRequests=''
maxSpareThreads=''
maxThreads=''
minSpareThreads=''
noCompressionUserAgents=''
restrictedUserAgents=''
socketBuffer=''
tcpNoDelay=''
enableLookups='false'
-------------------------------------------------------
:trace> mqsireportproperties BRKR1 -o BrokerRegistry -a
BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='/home/KDB.jks'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='/home/KDB.jks'
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
operationMode=''
Other HTTP flows started failing after
mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
Then I ran mqsichangeproperties BRKR1 -b httplistener -o HTTPListener -n enableSSLConnector -v '' and then the HTTP flows started working fine.
Any clue why they are failing?
Thanks. |
fjb_saper |
Posted: Fri Jan 28, 2011 9:09 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Working as designed. You need to specify a different port for SSL so that it won't impact the non-SSL traffic.
_________________
MQ & Broker admin
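Added example, not part of the thread and not IBM tooling: a shell check over the text that mqsireportproperties prints for the HTTPSConnector, covering the points raised above (keystore file and type set, HTTPS port distinct from the HTTP port, protocol and ciphers left at 'Platform Default'). The function names, the FAIL/WARN wording and the sample report (constructed, modelled on the output posted above) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check HTTPSConnector properties as
# printed by `mqsireportproperties <broker> -b httplistener -o HTTPSConnector -a`.

# Constructed sample, modelled on the report posted in the thread.
SAMPLE_REPORT="HTTPSConnector
  uuid='HTTPSConnector'
  clientAuth='Platform Default'
  keystoreFile='/home/KDB.jks'
  keystorePass='*********'
  keystoreType='JKS'
  sslProtocol='Platform Default'
  ciphers='Platform Default'
  port='7804'"

# prop NAME: read a report on stdin, print the value of its NAME='value' line.
prop() {
    sed -n "s/^[[:space:]]*$1='\(.*\)'[[:space:]]*\$/\1/p" | head -n 1
}

# check_https_connector REPORT HTTP_PORT
# Prints one finding per line and returns 1 if any FAIL was reported.
check_https_connector() {
    report=$1; http_port=$2; rc=0
    file=$(printf '%s\n' "$report" | prop keystoreFile)
    ktype=$(printf '%s\n' "$report" | prop keystoreType)
    port=$(printf '%s\n' "$report" | prop port)

    [ -n "$file" ] || { echo "FAIL keystoreFile is not set"; rc=1; }
    # Only meaningful on the broker host: the path must name a file, not a directory.
    if [ -e "$file" ] && [ ! -f "$file" ]; then
        echo "FAIL keystoreFile '$file' is not a regular file"; rc=1
    fi
    [ -n "$ktype" ] || { echo "FAIL keystoreType is not set"; rc=1; }
    [ -n "$port" ] || { echo "FAIL HTTPS port is not set"; rc=1; }
    if [ "$port" = "$http_port" ]; then
        echo "FAIL HTTPS and HTTP listeners are on the same port $port"; rc=1
    fi
    # Settings that are not set explicitly are reported for review, not as failures.
    for name in sslProtocol ciphers; do
        val=$(printf '%s\n' "$report" | prop "$name")
        if [ "$val" = "Platform Default" ]; then
            echo "WARN $name is 'Platform Default': not set explicitly, review what the listener accepts"
        fi
    done
    return $rc
}

check_https_connector "$SAMPLE_REPORT" 7082   # 7082 is the HTTP port named in the thread
```

On a broker host, pass the live report instead of the sample, for example "$(mqsireportproperties BRKR1 -b httplistener -o HTTPSConnector -a)".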