aspose file tools*
The moose likes Websphere and the fly likes SSL and certificates Configuration in WebSphere Application Server 7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "SSL and certificates Configuration in WebSphere Application Server 7" Watch "SSL and certificates Configuration in WebSphere Application Server 7" New topic
Author

SSL and certificates Configuration in WebSphere Application Server 7

Marcelo Tataje
Ranch Hand

Joined: Jan 31, 2011
Posts: 64

Hi, it's me again begging for some help with my IBM Websphere Application Server 7.0 Configuration. I've already installed the product and deployed a WAR file successfully, the next step is to manage certificates (ssl) with Websphere. I want to implement security for my applications. But I've been looking for any configuration guide or steps to follow and configure my server, but I couldn't find

I know IBM Websphere App Server comes with its own certificates, but a friend of mine sent me a certificate, which was the one that implemented security for a tomcat server we used to manage, this certificate also belongs to the team so we will have to use that, do you know how can I start with this?

I will really appreciate your help. Thanks in advance.

BR
samrat dhamale
Greenhorn

Joined: Apr 15, 2011
Posts: 11
first make sure that your server is properly installed.
ensure that you have proper IP. I think you cant change the IP later.
make sure that you have installed the application properly and no settings left.
now its time to generate CSR file. Its a certificate signing request file.
use ikeyman utility in the bin folder from command prompt to generate certificate request.
Now a private key will be created and public key will be created.
private key you have to keep with your self.
public key you have to sent to CA, cetrificate authority.It may be thwate or verisign.
they will take 2-3 days to give you 3 files.
you have to use ikeyman again now.
You now again have to use those 3 files and add to that private key.
now you have to go to the websphere console and add the certificate path in settings.. I dont remember exact location..
from CSR generation to certificate installation, the 2-3 days, you should not do any changes in system..
thats what was told to me by my CA. that was undigestable to me though..
when there was any change in the settings like appserv02 instead of appserv01, in my case the certificate wont get installed.
so i suggest to first make a setup of system proper. then only start generation of CSR.
Marcelo Tataje
Ranch Hand

Joined: Jan 31, 2011
Posts: 64

Thank you very much, but I've just configured my certificate successfully, I just used my cert.p12 and perfect, because that's all what I have

Thanks anyway, those steps also can help me to investigate.

The problem is that now my application can run with the HTTP Port and with the HTTPS Port too!!!

I don't know if there's a way to disable the HTTP Port to allow HTTPS Port only for my Enterprise applications. Any Help? Thank you very much

BR
samrat dhamale
Greenhorn

Joined: Apr 15, 2011
Posts: 11
i earlier used to write filter for redirection of http request to https.
but my collegue has used this code successfully in tomcat in web.xml..

http://www.novell.com/communities/node/3235/redirect-incoming-http-requests-https-logging-novell-teaming

something like this..
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

try this in websphere . it may work.
if it doesnt work the you may try writing filter.
Marcelo Tataje
Ranch Hand

Joined: Jan 31, 2011
Posts: 64

Thank you very much, I will implement this solution and let you know about my results. Thank you very much
Deepak Pant
Ranch Hand

Joined: Feb 13, 2004
Posts: 443
Yes there is a way to disable HTTP Port in WAS. It is done in the WAS console. Are you using IBM HTTP Server in front of WAS? If yes then you need to disable the HTTP of the IBM HTTP Server as well.
Marcelo Tataje
Ranch Hand

Joined: Jan 31, 2011
Posts: 64

I'm not using IBM HTTP Server in front of WAS, I'm just using IBM Websphere Application Server 7 and DB2 9.5 to deploy and launch my applications. Thank you very much for the information about console, I will look for it. Thanks a lot!
 
 
subject: SSL and certificates Configuration in WebSphere Application Server 7