Configure an integration server to refer to a keystore, a truststore, or both, before deploying any message flows that require policy set or bindings for signature, encryption, or X.509 Authentication.
An integration server is a named grouping of message flows that have been assigned to a broker. The broker enforces a degree of isolation between message flows in distinct integration servers by ensuring that they run in separate address spaces, or as unique processes. For more information about integration servers, see Integration servers.
Integration server keystore and truststore runtime property values override equivalent property values on the broker, if any are set.
Keystores can contain two kinds of entries: key entries and trusted certificate entries. If a keystore is used to contain trusted certificates, it is typically referred to as a truststore. IBM® Integration Bus can refer to a keystore and a truststore per integration server. When the broker is encrypting or decrypting, it uses entries in its keystore; if the broker is verifying a signature or performing X.509 authentication, it uses entries in its truststore.
To display integration server level properties, run the command:
mqsireportproperties broker_name -o ComIbmJVMManager -a -e integration_server
mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager
–n keystoreFile
-v c:\keystore\server.keystore,JKS
where c:\keystore\server.keystore,JKS is
a Java™ keystore (JKS). mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager
–n truststoreFile
-v c:\truststore\server.truststore
where c:\truststore\server.truststore is
the truststore to be referenced.mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n keystorePass
-v integration_server::keystorePass
mqsisetdbparms broker_name -n integration_server::keystorePass -u na -p password
mqsichangeproperties broker_name -e integration_server -o ComIbmJVMManager -n truststorePass
-v integration_server::truststorePass
mqsisetdbparms broker_name -n integration_server::truststorePass -u na -p password
If you add new certificates to a keystore or truststore, to ensure that the new certificates are picked up, you must reload the Java virtual machine (JVM). You can reload the JVM by restarting the integration server.