Certificate Authority (CA) : Truststore Directory Structure

This document discusses configuring SSL on WebSphere Message Broker. It covers SSL terminology, the nodes used for SSL, truststore directory structure, and the steps to configure SSL which include generating a keystore, certificate signing request, importing certificates, and validating the configuration.

Uploaded by SandeepNayak

Introduction

In many environments, Secure Sockets Layer (SSL) configuration is challenging
because of the number of components involved in the configuration and setup. SSL
configuration and usage in IBM WebSphere MQ is altogether different from SSL
usage in WebSphere Message Broker, including differences in terminology.
Implementing WebSphere Message Broker SSL requires a good understanding of
WebSphere Message Broker nodes for developers, as well as a good understanding
of WebSphere Message Broker infrastructure for infrastructure support teams.

WebSphere Message Broker is a convenient central point for web services brokering
and transformation of Web Services Description Language (WSDL) definitions. A
message flow can either be a requester (client) that calls out to a web service, or it
can be a service provider that its web service clients invoke. The most commonly
used nodes for this purpose are the HTTPInput node, HTTPReply node, HTTPRequest
node, and the corresponding HTTPS nodes.

This article shows you how to implement SSL on WebSphere Message Broker and
configure HTTP to use SSL (HTTPS) communication.

Terminology

Certificate authority (CA)
A trusted third party that issues digital certificates. The digital certificate
certifies the ownership of a public key by the named subject of the
certificate.

Certificate signing request (CSR)
A message sent from an applicant to a certificate authority in order to apply
for a digital identity certificate.

Keystore
A repository that stores the key entries and security certificates used, for
instance, in SSL encryption.

Nodes in WebSphere Message Broker
Nodes are entities that you can use to define and create message flows. Of
the many nodes available in WebSphere Message Broker, the following
ones are used with SSL: HTTPInput, HTTPReply, HTTPRequest,
SOAPInput, SOAPReply, SOAPRequest, SOAPAsyncRequest.

Truststore
A keystore that is used to contain trusted certificates.

Truststore directory structure

The truststore cacerts file, in Java keystore (JKS) format, is stored in the
following default locations on AIX:

WebSphere Message Broker V6:
/opt/IBM/mqsi/610/jre15/ppc64/lib/security

WebSphere Message Broker V7:
/opt/IBM/mqsi/7.0/jre16/lib/security

The keystore file can be stored in any location as long as it is specified in the broker
registry, as described below.

SSL configuration steps


As in WebSphere MQ, SSL configuration in WebSphere Message Broker requires a
key repository, referred to as a keystore. SSL is used to enhance the security of the
WebSphere Message Broker infrastructure. Here are the high-level SSL
configuration steps:

1. Generate a keystore -- There are several ways to create a keystore file,
   such as using gsk7cmd/gsk6cmd, which comes as part of the Global Secure
   Toolkit (GSK), or a graphical tool called ikeyman. This article uses a
   command-line tool called keytool.
2. Generate a certificate signing request (CSR) for the existing keystore.
3. Import a root or intermediate Certificate Authority (CA) certificate to
   the existing keystore.
4. Import a signed certificate to the existing keystore.
5. Validate the certificate details, including:
   o List all certificates.
   o List a specific certificate.
   o List trusted CA certificates.

1. Generate a keystore
keytool -genkey -alias <broker name> -keystore <broker name>.jks -keysize 2048

The keytool command will be in path of the Broker
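
The five high-level steps above, written out as one keytool script. This is an added example, not the article's own commands: the broker name MYBROKER, the file names, the ca-root alias, the DRY_RUN switch and the request/install/verify subcommands are assumptions, and -keyalg RSA is stated explicitly so the key type does not depend on keytool's default.

```sh
#!/bin/sh
# Added example (not from the article). Placeholder values are assumptions;
# override them through the environment.
BROKER="${BROKER:-MYBROKER}"              # assumed broker name, used as key alias
KEYSTORE="${KEYSTORE:-$BROKER.jks}"
CSR_FILE="${CSR_FILE:-$BROKER.csr}"       # request file sent to the CA
CA_CERT="${CA_CERT:-ca-root.cer}"         # root/intermediate cert from the CA
SIGNED_CERT="${SIGNED_CERT:-$BROKER.cer}" # signed reply from the CA
# Default truststore: the V7 AIX directory named in the article.
CACERTS="${CACERTS:-/opt/IBM/mqsi/7.0/jre16/lib/security/cacerts}"

# DRY_RUN=1 prints each command instead of running it, for review.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# No -storepass/-keypass: keytool prompts, so passwords stay out of
# the process list and shell history.
# Step 1: key pair plus self-signed certificate under the broker alias.
gen_keystore()  { run keytool -genkey -alias "$BROKER" -keyalg RSA -keysize 2048 -keystore "$KEYSTORE"; }
# Step 2: CSR for that same alias.
gen_csr()       { run keytool -certreq -alias "$BROKER" -file "$CSR_FILE" -keystore "$KEYSTORE"; }
# Step 3: CA certificate first, under its own alias, so the reply can chain to it.
import_ca()     { run keytool -import -trustcacerts -alias ca-root -file "$CA_CERT" -keystore "$KEYSTORE"; }
# Step 4: signed certificate under the SAME alias as the key pair, so it
# replaces the self-signed certificate instead of becoming a trusted entry.
import_signed() { run keytool -import -alias "$BROKER" -file "$SIGNED_CERT" -keystore "$KEYSTORE"; }
# Step 5: validation listings.
list_all()         { run keytool -list -v -keystore "$KEYSTORE"; }
list_one()         { run keytool -list -v -alias "$BROKER" -keystore "$KEYSTORE"; }
list_trusted_cas() { run keytool -list -keystore "$CACERTS"; }

# The CA signs the CSR between "request" and "install", so the steps are split.
case "${1:-}" in
    request) gen_keystore && gen_csr ;;
    install) import_ca && import_signed ;;
    verify)  list_all && list_one && list_trusted_cas ;;
esac
```

After "install", the verbose listing for the broker alias should show a private key entry whose certificate chain ends at the imported CA; a trusted certificate entry there means the reply was imported under a different alias than the key pair.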
