Securing connections to web user interface in ACE




This blog explains step by step process of securing the web user interface in ACE using command line and using config file node.conf.yaml file.

Securing connections to web user interface in ACE


Initial Steps: If you already have a .p12 certificate available you can ignore this initial steps otherwise, refer the below link for creating certificate using openSSL

https://prasadvadnala.blogspot.com/2019/11/generating-p12-certificate-using-openssl.html

For configuration purpose, I will be using the below names for node and servers.

Integration Node Name    : ACE_IN01
.p12 certificate password  : password

========================================
Securing connection (https) using command line
========================================

Step 1: Execute the below command to point to the p12 certificate absolute path along with the certificate name using the below command

mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n sslCertificate -v 'D:\p12\dev_certificate.p12'
              




Step 2: Next use the below command. In the below command "adminRestApi::sslpwd" is the default resource name that will be used while setting the p12 certificate password using mqsisetdbparms

mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n sslPassword -v adminRestApi::sslpwd
                




Step 3: Navigate to "C:\ProgramData\IBM\MQSI\components\ACE_IN01\overrides" [/var/mqsi/components/ACE_IN01/overrides directory in Linux] and verify the node.conf.yaml file will reflect the above mentioned changes.

                













Step 4: Execute the mqsisetdbparms as below. The "password" for -p parameter is the password that you have set for your p12 certificate.

 mqsisetdbparms ACE_IN01 -n adminRestApi::sslpwd -u ignore -p password

                 



Step 5: Stop and Start the Integration node

mqsistop ACE_IN01
mqsistart ACE_IN01

                  





Step 6: Enter the web user interface URL https://localhost:4418 [use the host name and port number that you have assigned in your case] and verify if the page loads correctly using https. [In case you get an option of go to home page instead or continue to this webpage. Click on continue to the webpage link and proceed for loading of webuser interface.

Note: I have configured user name and password for web user interface. For how to generate user name and password, refer the blog 



                     


















========================================
Securing connection (https) using node.conf.yaml file
========================================


Step 1Navigate to "C:\ProgramData\IBM\MQSI\components\ACE_IN01" [/var/mqsi/components/ACE_IN01 directory in Linux] and open the node.conf.yaml file. check for Line 40 and Line 41 which will be modified in further steps.
           






Step 2: Un-comment line 40 and 41, give the absolute path along with the .p12 certificate name in line 40 for sslCertificate field. Let the value of sslPassword be the one that is already present in the default yaml file.
         








Step 3: Execute the mqsisetdbparms as below. The "password" for -p parameter is the password that you have set for your p12 certificate.

 mqsisetdbparms ACE_IN01 -n adminRestApi::sslpwd -u ignore -p password

                 



Step 4: Stop and Start the Integration node

mqsistop ACE_IN01
mqsistart ACE_IN01

                  





Step 5: Enter the web user interface URL https://localhost:4418 [use the host name and port number that you have assigned in your case] and verify if the page loads correctly using https. [In case you get an option of go to home page instead or continue to this webpage. Click on continue to the webpage link and proceed for loading of webuser interface.


Note: I have configured user name and password for web user interface. For how to generate user name and password, refer the blog 



                     

1 comment:

Subscribe to: Posts (Atom)