App Connect

Expand all | Collapse all

enableSSL

  • 1.  enableSSL

    Posted Wed September 15, 2021 06:05 AM

    mqsichangeproperties ACENODE -b webadmin -o server -n enableSSL -v true
    BIP8844I: Changing the persisted properties for the integration node 'ACENODE'. The changes will not be used until after the next integration node restart.
    BIP8829E: Invalid property name 'enableSSL' specified.
    Property names must be valid XML element or XML attribute names.​

    i have been trying to configure my server to be able to use SSL but everytime i mention ssl  it gives me this error ,please kindly advise if it is possible at all ,even the  -n sslProtocol  -v SSL gives the same error




    ------------------------------
    Timothy Viriri
    ------------------------------


  • 2.  RE: enableSSL

    Posted Thu September 23, 2021 09:25 AM

    If you are using any version of ACE, then this is not a valid command.  The enableSSL option does not exist in ACE.  SSL is enabled by adding a certificate.  See the sslCertificate and sslPassword properties.  The node.conf.yaml has comments to help you fill these output.  You can use a PEM cert or a P12 keystore.

    The same is true for sslProtocol.  This does not exist.  The new property is minimumTlsVersion.  Depending on the listener, your options are TLSv1.2+ or TLSv1.0+.  The TLSv1.0+ is only applicable to the web UI.  The flow listener only supports TLSv1.2+.

    You can use the mqsireportproperties command to see the available options:

    RestAdminListener
      antiClickJackingOption='SAMEORIGIN'
      authAttemptsDuration='300'
      authBlockedDuration='300'
      authMaxAttempts='5'
      authorizationEnabled='false'
      authorizationMode='file'
      basicAuth='false'
      caPath=''
      host=''
      ipcSocket=''
      ipcSocketGroup=''
      ipcSocketPermissions=''
      ldapAuthorizeUrl=''
      ldapBindDn=''
      ldapBindPassword='********'
      ldapCheckServerIdentity='true'
      ldapConnectTimeout='120000'
      ldapIdleTimeout='0'
      ldapReadTimeout='60000'
      ldapUrl=''
      maximumTlsVersion='TLSv1.2'
      minimumTlsVersion='TLSv1.0'
      port='7600'
      requireClientCert='false'
      sessionTimeout='86400'
      sslCertificate=''
      sslPassword='********'
      tlsCipherList=''
      tlsTrace='false'


    ------------------------------
    MATTHEW SEGALL
    ------------------------------