App Connect

 View Only

  • 1.  enableSSL

    Posted Wed September 15, 2021 06:05 AM 

    mqsichangeproperties ACENODE -b webadmin -o server -n enableSSL -v true
BIP8844I: Changing the persisted properties for the integration node 'ACENODE'. The changes will not be used until after the next integration node restart.
BIP8829E: Invalid property name 'enableSSL' specified.
Property names must be valid XML element or XML attribute names.​

    i have been trying to configure my server to be able to use SSL but everytime i mention ssl  it gives me this error ,please kindly advise if it is possible at all ,even the  -n sslProtocol  -v SSL gives the same error




    ------------------------------
    Timothy Viriri
    ------------------------------


  • 2.  RE: enableSSL

    Posted Thu September 23, 2021 09:25 AM

    If you are using any version of ACE, then this is not a valid command.  The enableSSL option does not exist in ACE.  SSL is enabled by adding a certificate.  See the sslCertificate and sslPassword properties.  The node.conf.yaml has comments to help you fill these output.  You can use a PEM cert or a P12 keystore.

    The same is true for sslProtocol.  This does not exist.  The new property is minimumTlsVersion.  Depending on the listener, your options are TLSv1.2+ or TLSv1.0+.  The TLSv1.0+ is only applicable to the web UI.  The flow listener only supports TLSv1.2+.

    You can use the mqsireportproperties command to see the available options:

    RestAdminListener
  antiClickJackingOption='SAMEORIGIN'
  authAttemptsDuration='300'
  authBlockedDuration='300'
  authMaxAttempts='5'
  authorizationEnabled='false'
  authorizationMode='file'
  basicAuth='false'
  caPath=''
  host=''
  ipcSocket=''
  ipcSocketGroup=''
  ipcSocketPermissions=''
  ldapAuthorizeUrl=''
  ldapBindDn=''
  ldapBindPassword='********'
  ldapCheckServerIdentity='true'
  ldapConnectTimeout='120000'
  ldapIdleTimeout='0'
  ldapReadTimeout='60000'
  ldapUrl=''
  maximumTlsVersion='TLSv1.2'
  minimumTlsVersion='TLSv1.0'
  port='7600'
  requireClientCert='false'
  sessionTimeout='86400'
  sslCertificate=''
  sslPassword='********'
  tlsCipherList=''
  tlsTrace='false'


    ------------------------------
    MATTHEW SEGALL
    ------------------------------

    Original Message