Configure the message broker to refer to a keystore, a truststore, or both, before deploying any message flows that require a policy set or bindings for signature, encryption, or X.509 Authentication.
The only supported type of store is Java™ keystore (JKS).
Each instance of a broker can be configured to refer to one keystore and one truststore.
The following properties of the broker registry component must be defined correctly for policy sets and bindings:
If you want to check what security properties you have set for a broker, use the mqsireportdbparms command.
To display all broker registry values, run the command:
mqsireportproperties broker_name -o BrokerRegistry -a
This returns entries like these:
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
mqsichangeproperties broker_name -o BrokerRegistry -n brokerKeystoreFile -v c:\keystore\server.keystore
Where c:\keystore\server.keystore is the keystore to be referenced.
mqsichangeproperties broker_name -o BrokerRegistry -n brokerTruststoreFile -v c:\truststore\server.truststore
Where c:\truststore\server.truststore is the truststore to be referenced.
mqsisetdbparms broker_name -n brokerKeystore::password -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.
mqsisetdbparms broker_name -n brokerTruststore::password -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.
mqsisetdbparms broker_name -n brokerTruststore::keypass::encKey -u temp -p pa55word
The user ID, which can be any value, is not required to access the keystore.
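An added example, not part of the original product documentation: a Python check that parses mqsireportproperties output like the listing shown earlier and flags a store whose file reference is empty, whose type is not JKS, or whose password resource name is missing. The function names and both sample reports are constructed for illustration.

```python
import re

SUPPORTED_TYPE = "JKS"  # the only store type the page lists as supported
PROP_RE = re.compile(r"^\s*(\w+)='(.*)'\s*$")

# Constructed sample: the unconfigured listing shown on this page.
SAMPLE_DEFAULT = r"""
BrokerRegistry=''
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile=''
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile=''
brokerTruststorePass='brokerTruststore::password'
"""

# Constructed sample: the same listing after both store files are set.
SAMPLE_SET = (SAMPLE_DEFAULT
    .replace("brokerKeystoreFile=''", r"brokerKeystoreFile='c:\keystore\server.keystore'")
    .replace("brokerTruststoreFile=''", r"brokerTruststoreFile='c:\truststore\server.truststore'"))

def parse_registry(report):
    """Collect name='value' lines from mqsireportproperties output into a dict."""
    props = {}
    for line in report.splitlines():
        m = PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_registry(report):
    """Return a list of findings for the keystore and truststore settings."""
    props = parse_registry(report)
    findings = []
    for store in ("brokerKeystore", "brokerTruststore"):
        if not props.get(store + "File"):
            findings.append(f"{store}File is empty: store not referenced")
            continue  # nothing else to check for a store that is not in use
        stype = props.get(store + "Type", "")
        if stype != SUPPORTED_TYPE:
            findings.append(f"{store}Type is '{stype}', expected '{SUPPORTED_TYPE}'")
        if not props.get(store + "Pass"):
            findings.append(f"{store}Pass is empty: no password resource named")
    return findings

if __name__ == "__main__":
    for label, report in (("default", SAMPLE_DEFAULT), ("configured", SAMPLE_SET)):
        print(label, audit_registry(report) or "OK")
```

Because a broker may reference a keystore, a truststore, or both, an "empty" finding for a store you do not use is expected rather than an error.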