Thursday, February 18, 2010

Enable SSL between WebServer (plugin-in) and the WebSphere Application Server

Enable SSL between WebServer (plugin-in) and the WebSphere Application Server


To setup a new SSL-Connection between a IBM HTTP Server (IHS) and your WebSphere Application Server (6.1) a (self-signed) CA SSL certificate has to be propageted to all involved servers.

When setting up a IHS via the administrative console SSL between IHS and WebSphere AppServer should be enabled by default.

1. First take a look at your plugin-cfg.xml of your IHS installation and search for the entry Property Name="keyring"...




ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="server1_testNodeoglxanclatest32Bit_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60"

Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="testNodeoglxanclatest32Bit_server1" ServerIOTimeout="0" WaitForContinue="false"

Transport Hostname="oglxanclatest" Port="9080" Protocol="http"/

Transport Hostname="oglxanclatest" Port="9443" Protocol="https"

Property Name="keyring" Value="/opt/HTTP/Plugins/config/test-webserver/plugin-key.kdb"/

Property Name="stashfile" Value="/opt/HTTP/Plugins/config/test-webserver/plugin-key.sth"/

/Transport

/Server

/ServerCluster

This tags defines the location of the Key-Database for the secure connection between your IHS and your AppServer.

2. In administrative console of WebSphere go to Servers > WebServers > "your webserver" > Plugin-in properties



On this page all necessary entries should be done automatically. To re-copy the default plugin-in.key to your IHS press "Copy to Webserver key store directory".


3. Restart your IHS

###############################################################



To manually setup SSL between IHS and WebSphere first locate the plugin-key.kdb on your AppServer. Than copy over the plugin-key.kdb to the IHS into the specified location (get location form picture above). Then edit the plugin-cfg.xml of the IHS (see tag from step 1). Then restart your IHS and your WebSphere instance

No comments:

Post a Comment