Configuring the MQ Connectivity key repository by using REST Administration APIs

System administrators can configure the MQ Connectivity key repository by using MQ Connectivity. The MQ Connectivity key database file and password stash file that are to be used in the MQ SSL certificate must first be copied to Eclipse Amlen by using the Eclipse Amlen REST API PUT method. System administrators can then create the MQ SSL certificate by using the Eclipse Amlen REST API POST method. Existing certificates can also be updated by system administrators by using the Eclipse Amlen REST API POST method. The MQ SSL certificate is used to secure connections between IBM MQ and Eclipse Amlen.

Before creating an MQ SSL certificate, system administrators must first copy an MQ Connectivity key database file and password stash file to Eclipse Amlen by using the Eclipse Amlen REST API PUT method or by using the Amlen WebUI. For more information about using the Amlen WebUI to uploadcopy an MQ Connectivity key database file and password stash file, see Configuring the MQ Connectivity key repository by using the Amlen WebUI. System administrators can then apply these files by using the Eclipse Amlen REST API POST method in order to create an MQ SSL certificate. Existing MQ SSL certificates can also be updated by system administrators by using the Eclipse Amlen REST API POST method.

After creating or updating the MQ SSL certificate, you must restart the MQ Connectivity process if you want to use the new or updated certificate.

  1. To create an MQ SSL certificate, first copy the MQ Connectivity key database file and password stash file from the local machine to /var/lib/amlen-server/userfiles in Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

  2. To create or update the MQ SSL certificate, use the Eclipse Amlen REST API POST method.
    1. Use the following Eclipse Amlen configuration URI:

      http://<admin-endpoint-IP:Port>/ima/v1/configuration/

    2. Provide MQ SSL certificate object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown. 
      
{    
  "MQCertificate": {"MQSSLKey":"string","MQStashPassword":"string", "Overwrite": true|false}
}
      Where:
      MQSSLKey
      Required if you are creating the MQ SSL certificate.
      Specifies the name of the key database file.
      After the profile is created, this name cannot be changed.
      MQStashPassword
      Required if you are creating the MQ SSL certificate.
      Specifies the name of the password stash file.
      Overwrite: true|false
      Optional.
      Specifies whether the existing key database file and password stash file are overwritten.
      The default value is false which means that an existing key database file and password stash file are not overwritten if they have the same name.
  3. To use the new or updated MQ SSL certificate, restart the MQ Connectivity process.
    For more information about restarting the MQ Connectivity process, see Starting, restarting and stopping the MQ Connectivity process by using REST Administration APIs.
The following example shows the PUT method to copy MQ Connectivity key database file mqconnectivity.kdb and password stash file mqconnectivity.sth to /var/lib/amlen-server/userfiles in Eclipse Amlen by using cURL:
curl -X PUT -T mqconnectivity.kdb http://127.0.0.1:9089/ima/v1/file/mqconnectivity.kdb

curl -X PUT -T mqconnectivity.sth http://127.0.0.1:9089/ima/v1/file/mqconnectivity.sth
The following example shows a POST method to create an MQ SSL certificate by using cURL. 

curl -X POST \
  -H 'Content-Type: application/json'  \
  -d '{
       "MQCertificate":{
         "MQSSLKey": "mqconnectivity.kdb",
         "MQStashPassword": "mqconnectivity.sth"
       }
     }
  ' \
http://127.0.0.1:9089/ima/v1/configuration
The following shows an example response to the POST method.

{        
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}

You can check that the configuration of the MQ SSL certificate is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about using the GET method to check the configuration of the MQ SSL certificate, see Viewing configuration details of an MQ SSL certificate by using a REST Administration API.