App Connect

App Connect

Join this online user group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  enableSSL

    Posted Wed September 15, 2021 06:05 AM

    mqsichangeproperties ACENODE -b webadmin -o server -n enableSSL -v true
    BIP8844I: Changing the persisted properties for the integration node 'ACENODE'. The changes will not be used until after the next integration node restart.
    BIP8829E: Invalid property name 'enableSSL' specified.
    Property names must be valid XML element or XML attribute names.​

    i have been trying to configure my server to be able to use SSL but everytime i mention ssl  it gives me this error ,please kindly advise if it is possible at all ,even the  -n sslProtocol  -v SSL gives the same error




    ------------------------------
    Timothy Viriri
    ------------------------------


  • 2.  RE: enableSSL

    Posted Thu September 23, 2021 09:25 AM

    If you are using any version of ACE, then this is not a valid command.  The enableSSL option does not exist in ACE.  SSL is enabled by adding a certificate.  See the sslCertificate and sslPassword properties.  The node.conf.yaml has comments to help you fill these output.  You can use a PEM cert or a P12 keystore.

    The same is true for sslProtocol.  This does not exist.  The new property is minimumTlsVersion.  Depending on the listener, your options are TLSv1.2+ or TLSv1.0+.  The TLSv1.0+ is only applicable to the web UI.  The flow listener only supports TLSv1.2+.

    You can use the mqsireportproperties command to see the available options:

    RestAdminListener
      antiClickJackingOption='SAMEORIGIN'
      authAttemptsDuration='300'
      authBlockedDuration='300'
      authMaxAttempts='5'
      authorizationEnabled='false'
      authorizationMode='file'
      basicAuth='false'
      caPath=''
      host=''
      ipcSocket=''
      ipcSocketGroup=''
      ipcSocketPermissions=''
      ldapAuthorizeUrl=''
      ldapBindDn=''
      ldapBindPassword='********'
      ldapCheckServerIdentity='true'
      ldapConnectTimeout='120000'
      ldapIdleTimeout='0'
      ldapReadTimeout='60000'
      ldapUrl=''
      maximumTlsVersion='TLSv1.2'
      minimumTlsVersion='TLSv1.0'
      port='7600'
      requireClientCert='false'
      sessionTimeout='86400'
      sslCertificate=''
      sslPassword='********'
      tlsCipherList=''
      tlsTrace='false'


    ------------------------------
    MATTHEW SEGALL
    ------------------------------