ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Having problem with SSL/HTTPS on Websphere MQ

Post new topic  This topic is locked: you cannot edit posts or make replies.
 Having problem with SSL/HTTPS on Websphere MQ « View previous topic :: View next topic » 
Author Message
zhaider
PostPosted: Thu Oct 29, 2015 10:58 am    Post subject: Having problem with SSL/HTTPS on Websphere MQ Reply with quote

Apprentice

Joined: 08 Oct 2015
Posts: 40
Hi,

I'm trying to setup SSL on Websphere MQ using the guides I found on the internet. I was provided with a certificate named certnew.cer. This is what I have done:

+++++++++++++++++++++++++++++++++
STEPS TO CONFIGURE HTTPS SSL PROTOCOL
+++++++++++++++++++++++++++++++++

1)Import certificate
keytool -import -trustcacerts -alias root.Cert -file certnew.cer -keystore SOABroker.jks

2)traverse to C:\Program Files\IBM\MQSI\9.0.0.0\jre17\lib\security
keytool -import -trustcacerts -alias root.Cert -file "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\certnew.cer" -keypass 123456 -keystore cacerts -storepass 123456


4)Enable SSL
mqsichangeproperties SOABroker -b httplistener -o HTTPListener -n enableSSLConnector -v true

5)Modify Broker to point to Keystore file
mqsichangeproperties SOAUBLBroker -b httplistener -o HTTPSConnector -n keystoreFile -v "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\SOABroker.jks"

6)Add Broker Keystore file to broker registry
mqsichangeproperties SOABroker -o BrokerRegistry -n brokerKeystoreFile -v "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\SOABroker.jks"

7)Add Broker Truststore file to broker registry
mqsichangeproperties SOABroker -o BrokerRegistry -n brokerTruststoreFile -v "C:\Program Files\IBM\MQSI\9.0.0.0\jre17\lib\security\cacerts"

Set registry password for broker trustsore
mqsisetdbparms SOABroker -n brokerTruststore::password -u temp -p changeit

9) associate the broker with keystore password
mqsichangeproperties SOABroker -b httplistener -o HTTPSConnector -n keystorePass -v 123456

10) Associate a port fr broker to serve HTTPS rquests
mqsichangeproperties SOABroker -b httplistener -o HTTPSConnector -n port -v 7094

11) Associate a port for broker to serve HTTP requests
mqsichangeproperties SOABroker -b httplistener -o HTTPConnector -n port -v 7091

12 Change JVM Attributes
mqsichangeproperties SOABroker -o ComIbmJVMManager -n jvmMaxHeapSize -v 1048576000
mqsichangeproperties SOABroker -o ComIbmJVMManager -n jvmMinHeapSize -v 134217728

13) Verify the broker properties
mqsireportproperties SOABroker -b httplistener -o HTTPConnector -n port
mqsireportproperties SOABroker -b httplistener -o HTTPSConnector -n port
mqsireportproperties SOABroker -e Ofam -o ComIbmJVMManager -r

14)Restart the Broker
mqsistop SOABroker
mqsistart SOABroker

+++++++++++++++++++++++++++++++++++++++++++++++++
CONFIGURING PORTS EXCLUSIVELY FOR EXECUTION GROUP
+++++++++++++++++++++++++++++++++++++++++++++++++

-----Additional Step from file on production------
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n clientAuth -v true

15)Configure SSL Protocol
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n sslProtocol -v SSLv3

16)Configure the port for SOAP over HTTP requests
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n explicitlySetPortNumber -v 7963

17)Associate the keystore file with broker EG
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n keystoreFile -v "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\SOABroker.jks"

18)Associate keystor type
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n keystoreType -v JKS

19)Associate Keystore password
mqsichangeproperties SOABroker -e Ofam -o HTTPSConnector -n keystorePass -v 123456

+++++++++++++++++++++++++++++++++++++++++++++++
CONFIGURING JVM ATTRIBUTES FOR EXECUTION GROUPS
+++++++++++++++++++++++++++++++++++++++++++++++

20)Configuring Keystore file
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n keystoreFile -v "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\SOABroker.jks"

21)Keystore Type
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n keystoreType -v JKS

22)
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n keystorePass -v 123456

23)
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n truststoreFile -v "C:\Program Files (x86)\IBM\source\WebSphere MQ 7.5.0.5\jre\jre\bin\SOABroker.jks"

24)
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n truststoreType -v JKS

25)
mqsichangeproperties SOABroker -e Ofam -o ComIbmJVMManager -n truststorePass -v brokerTruststore::password


mqsireportproperties SOABroker -e Ofam -o HTTPSConnector -r

Now I was provided an app with a webservice that is configured to run on both HTTP and HTTPS. When I try to access the WSDL using the HTTP, it works perfectly and the WSDL gets displayed in the Internet Explorer but when I try to acess using the HTTPS link the Internet Explorer displays a page not found error.

Please help in sorting this out.

Thanks.
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Oct 29, 2015 11:00 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
Don't double post. It won't get your question answered any faster. Especially double posting in inappropriate sections - you're describing a broker SSL configuration not an MQ one!
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  This topic is locked: you cannot edit posts or make replies. Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Having problem with SSL/HTTPS on Websphere MQ
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.