176 Using IBM WebSphere Message Broker as an ESB with WebSphere Process Server
3. Import the self-signed certificate into the Java Development Kit (JDK™)
certificate authority (CA):
# keytool -import -keystore $JAVA_HOME/lib/security/cacerts -file
ca.cer -alias sam730rr_ca
4. Create a keystore called sam730rr.keystore:
# keytool -genkey -alias sam730rr -keyalg RSA -keysize 1024
-keystore sam730rr.keystore -storetype JKS
5. Import your self-signed certificate to your keystore:
# keytool -import -alias sam730rr_ca -keystore sam730rr.keystore
-trustcacerts -file ca.cer
6. Create a truststore called sam730rr.truststore using the self-signed
certificate:
# keytool -import -alias sam730rr_ca -keystore sam730rr.truststore
-file ca.cer
7.3.2 Configuring WebSphere Message Broker security
After creating a self-signed certificate, a keystore should be defined for the
HTTPListener object on the broker. We used the following steps to link the
keystore to a broker called
SAM730BRK inside WebSphere Message Broker:
1. Go to the directory where the keystore or truststore was created, and type
mqsiprofile to configure the necessary environment variables that are used
by the broker. $MQSI_HOME must configured on the $PATH variable.
2. Turn on SSL support:
# mqsichangeproperties SAM730BRK -b httplistener -o HTTPListener -n
enableSSLConnector -v true
Changing the password: The default password for the cacerts file is
“changeit.” If you want to change the password, use the following
command:
$ keytool -storepasswd -new <<new password>> -storepass changeit
-keystore $JAVA_HOME/lib/security/cacerts
If this command does not work on Windows, instead of defining the
JAVA_HOME environment variable, type the full JDK path name:
C:/jdk1.5.0_12/jre/lib/security/cacerts
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.