我正在尝试使用带有ssl ws的soap请求节点,在我的情况下,我在文件夹(E:\ truststore)中下载了certif .cer,我试着做一些想法:
mqsireportproperties integrationNodeName -o ComIbmJVMManager -a -e integration_server
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststoreFile -v E:\truststore
mqsichangeproperties integrationNodeName -e integration_server -o ComIbmJVMManager -n truststorePass -v integration_server::truststorePass
mqsisetdbparms IIBOAB -n integration_server::truststorePass -u na -p password
但我有这个错误:
文本:CHARACTER:javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException:没有可用的X509TrustManager实现
能帮到我吗,谢谢
您的问题可能有多种原因,因此我将尝试回顾一切:
您设置密钥库的命令未指定密钥库/信任库名称。另外,在我的记忆中,你可以在BrokerRegistry上设置它,而不是在ComIbmJVMManager上设置它(但它可能有效)有效命令的一个例子:
mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerKeystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -o BrokerRegistry -n brokerTruststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsisetdbparms $BROKERNAME -n brokerTruststore::password -u $KEYSTORE_USER -p $KEYSTORE_PASSWORD
mqsisetdbparms $BROKERNAME -n brokerKeystore::password -u $KEYSTORE_USER-p $KEYSTORE_PASSWORD
此外,您可能还需要http侦听器的以下命令:
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystoreFile -v $KEYSTORE_iib_PATH/iib.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n truststoreFile -v $KEYSTORE_iibTrust_PATH/iibTrust.jks
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPSConnector -n keystorePass -v $KEYSTORE_PASSWORD
mqsichangeproperties $BROKERNAME -b httplistener -o HTTPListener -n startListener -v true
这是集成总线部分。你的第二个错误(可能是最大的错误)是你不知道什么是密钥库/可信任的事实。将证书放入存储库不是密钥库。 (搜索一下JKS:Java Key Store)
您可以执行以下操作在Unix上生成您的信任库/密钥库:
keystoreName=iibTrust.jks
KEYSTORE_PASSWORD=123qwerty ## DO NOT USE THAT PLEASE
for certificate in `ls *.cer`;
do
alias=`echo $certificate | rev | cut -d '.' -f 2- | rev | cut -d '_' -f2`
keytool -importcert -file $certificate -keystore ${keystoreName}.jks -alias $alias -storepass $KEYSTORE_PASSWORD -noprompt
if [[ $? -ne 0 ]]; then "Unable to add $certificate in keystore $keystoreName.jks";
done
keytool -list -keystore ${keystoreName}.jks -storepass $KEYSTORE_PASSWORD
我基本上复制/粘贴了我的所有脚本以在IIB上启用SSL,所以有了所有这些信息,你应该能够使它工作。