Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

SSL and certificates Configuration in WebSphere Application Server 7

 
Ranch Hand
Posts: 64
Oracle Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, it's me again begging for some help with my IBM Websphere Application Server 7.0 Configuration. I've already installed the product and deployed a WAR file successfully, the next step is to manage certificates (ssl) with Websphere. I want to implement security for my applications. But I've been looking for any configuration guide or steps to follow and configure my server, but I couldn't find

I know IBM Websphere App Server comes with its own certificates, but a friend of mine sent me a certificate, which was the one that implemented security for a tomcat server we used to manage, this certificate also belongs to the team so we will have to use that, do you know how can I start with this?

I will really appreciate your help. Thanks in advance.

BR
 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
first make sure that your server is properly installed.
ensure that you have proper IP. I think you cant change the IP later.
make sure that you have installed the application properly and no settings left.
now its time to generate CSR file. Its a certificate signing request file.
use ikeyman utility in the bin folder from command prompt to generate certificate request.
Now a private key will be created and public key will be created.
private key you have to keep with your self.
public key you have to sent to CA, cetrificate authority.It may be thwate or verisign.
they will take 2-3 days to give you 3 files.
you have to use ikeyman again now.
You now again have to use those 3 files and add to that private key.
now you have to go to the websphere console and add the certificate path in settings.. I dont remember exact location..
from CSR generation to certificate installation, the 2-3 days, you should not do any changes in system..
thats what was told to me by my CA. that was undigestable to me though..
when there was any change in the settings like appserv02 instead of appserv01, in my case the certificate wont get installed.
so i suggest to first make a setup of system proper. then only start generation of CSR.
 
Marcelo Tataje
Ranch Hand
Posts: 64
Oracle Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you very much, but I've just configured my certificate successfully, I just used my cert.p12 and perfect, because that's all what I have

Thanks anyway, those steps also can help me to investigate.

The problem is that now my application can run with the HTTP Port and with the HTTPS Port too!!!

I don't know if there's a way to disable the HTTP Port to allow HTTPS Port only for my Enterprise applications. Any Help? Thank you very much

BR
 
samrat dhamale
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i earlier used to write filter for redirection of http request to https.
but my collegue has used this code successfully in tomcat in web.xml..

http://www.novell.com/communities/node/3235/redirect-incoming-http-requests-https-logging-novell-teaming

something like this..
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

try this in websphere . it may work.
if it doesnt work the you may try writing filter.
 
Marcelo Tataje
Ranch Hand
Posts: 64
Oracle Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you very much, I will implement this solution and let you know about my results. Thank you very much
 
Ranch Hand
Posts: 446
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes there is a way to disable HTTP Port in WAS. It is done in the WAS console. Are you using IBM HTTP Server in front of WAS? If yes then you need to disable the HTTP of the IBM HTTP Server as well.
 
Marcelo Tataje
Ranch Hand
Posts: 64
Oracle Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not using IBM HTTP Server in front of WAS, I'm just using IBM Websphere Application Server 7 and DB2 9.5 to deploy and launch my applications. Thank you very much for the information about console, I will look for it. Thanks a lot!
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic