| Author |
Message
|
| broker_new |
 Posted: Fri May 02, 2008 7:04 am Post subject: Problem in Configuring HTTPS |
 |
|
Yatiri
Joined: 30 Nov 2006
Posts: 614
Location: Washington DC
|
I followed all the steps provided in Information center to configure HTTPS for Broker V6.
]mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> keytool -genkey -keypass abcdefgh -keystore BROKER1.kdb -alias Service1
Enter keystore password: abcdefgh
What is your first and last name?
[Unknown]: SPLS EAI
What is the name of your organizational unit?
[Unknown]: IT
What is the name of your organization?
[Unknown]: SPLS
What is the name of your City or Locality?
[Unknown]: FRAMINGHAM
What is the name of your State or Province?
[Unknown]: MA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=SPLS EAI, OU=IT, O=SPLS, L=FRAMINGHAM, ST=MA, C=US correct? (type "yes" or "no")
[no]: yes
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> keytool -export -alias Service1 -file Service1.cer -keystore /opt/IBM/mqsi/6.0/jre/bin/BROKER1.kdb -keypass abcdefgh
Enter keystore password: abcdefgh
Certificate stored in file <Service1.cer>
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n keystoreFile -v /opt/IBM/mqsi/6.0/jre/bin/BROKER1.kdb
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n keystorePass -v abcdefgh
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n port -v 7090
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsistop -i BROKER1
BIP8145I: Execution Group process IDs default-921692 were forced to terminate.
The Broker was shutdown forcibly, this caused Execution Group processes to be killed.
This action may leave system, database, WebSphere MQ or Application resources in a locked state. Some resource locks may need freeing manually, others will not need any action to be taken.
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsistart BROKER1
WebSphere MQ queue manager running.
BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem.
In the Syslog i found the following error.
But Broker is still listening on HTTPS and iam able to receive the response from it.Can we ignore this error ?
( HTTPListener ) An exception occurred while starting the servlet engine connector. Exception text is 'LifecycleException: Protocol handler start failed: java.io.FileNotFoundException: C:\IBM\MQSI\6.0\catalina\BROKER1.kdb (The system cannot find the file specified) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529) at com.ibm.broker.httplistener.TomcatWrapper.startSecureHTTPSConnector(TomcatWrapper.java:128) at com.ibm.broker.httplistener.HTTPListenerManager.run(HTTPListenerManager.java:168) at java.lang.Thread.run(Thread.java:570) '
There are many possible causes of this error. Common causes are:
1: The SSL keystoreFile does not exist or could not be found at the location specified in the 'keystoreFile' property or in the default location of: (<home directory of user-id running the broker>\.keystore)
2: The SSL keystoreFile was found but was accessed with an incorrect password.
3: The SSL key alias in the keystore has a password that is different from the keystore password.
However, this may be an internal error, possibly due to a faulty
_________________
IBM ->Let's build a smarter planet |
|
| Back to top |
|
 |
| broker_new |
| Posted: Mon May 05, 2008 10:00 am Post subject: |
|
|
Yatiri
Joined: 30 Nov 2006
Posts: 614
Location: Washington DC
|
I placed the keystore file and the self signed certificate at this location C:\IBM\MQSI\6.0\catalina and i deleted the previous broker and did the same configuration .
It worked fine
SYSLOG
----------
( HTTPListener ) The HTTP Listener has started listening on port ''7080'' for ''http'' connections.
The HTTP Listener process is currently listening on the broker-specific TCPIP port ''7080'' for connections of type ''http''
No user action required.
HTTPListener ) The HTTP Listener has started listening on port ''8097'' for ''https'' connections.
The HTTP Listener process is currently listening on the broker-specific TCPIP port ''8097'' for connections of type ''https''
No user action required.
_________________
IBM ->Let's build a smarter planet |
|
| Back to top |
|
|
| broker_new |
| Posted: Mon May 05, 2008 1:13 pm Post subject: |
|
|
Yatiri
Joined: 30 Nov 2006
Posts: 614
Location: Washington DC
|
mqm6@h00004:/opt/IBM/mqsi/6.0/jre/bin #>
keytool -genkey -keypass abcdefgh -keystore BROKER1.kdb -alias Service1
Using the above command it is creating a keystore file which is valid for 3 months .I need to change it to one year.I triedediting it using the iKeyMan but it is not allowing.Could anyone help me to changeit.
_________________
IBM ->Let's build a smarter planet |
|
| Back to top |
|
|
| raghug |
| Posted: Fri Jun 27, 2008 6:16 am Post subject: what are the steps I need to install the SSL for broker |
|
|
Acolyte
Joined: 19 Jul 2006
Posts: 60
Location: NJ
|
Hi Broker_new
I have ssl cert (.cer) file I need to install on the broker which is runing on aix what are the steps I need please advice me
Thanks
Raghu |
|
| Back to top |
|
|
| broker_new |
| Posted: Sun Jun 29, 2008 1:34 pm Post subject: |
|
|
Yatiri
Joined: 30 Nov 2006
Posts: 614
Location: Washington DC
|
Raghu,My question to you is are you providing the service or invoking a webservice.
If you are going to invoke a webservice you need to import it into cacerts file which will be in /jre/lib/secuity.
if you are going to provide the service you need to configure the broker runtime to listen on HTTPS port using the following commands.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPListener -n enableSSLConnector -v true
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n keystoreFile -v /opt/IBM/mqsi/6.0/jre/bin/BROKER1.kdb
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n keystorePass -v abcdefgh
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsichangeproperties BROKER1 -b httplistener -o HTTPSConnector -n port -v 7090
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsistop -i BROKER1
BIP8145I: Execution Group process IDs default-921692 were forced to terminate.
The Broker was shutdown forcibly, this caused Execution Group processes to be killed.
This action may leave system, database, WebSphere MQ or Application resources in a locked state. Some resource locks may need freeing manually, others will not need any action to be taken.
BIP8071I: Successful command completion.
mqm6@h0004:/opt/IBM/mqsi/6.0/jre/bin #> mqsistart BROKER1
WebSphere MQ queue manager running.
BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem. |
|
| Back to top |
|
|
| saisumanth3690 |
| Posted: Tue Jul 02, 2019 7:10 am Post subject: |
|
|
Newbie
Joined: 01 Jul 2019
Posts: 2
|
Hi Broker_new
I am trying to invoke an rest api from http request node.
I have ssl cert (.cer) file I need to install on the broker(IIB 10.0.0.5) which is running on windows system what are the steps I need please advice me
Thanks
sai |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Jul 02, 2019 7:20 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| saisumanth3690 wrote: |
Hi Broker_new
I am trying to invoke an rest api from http request node.
I have ssl cert (.cer) file I need to install on the broker(IIB 10.0.0.5) which is running on windows system what are the steps I need please advice me |
This user hasn't posted to the forum in 3 years. I'd not hold my breath waiting for a reply, but instead follow the advice given by my worthy associate on your other thread.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
