Change SSL port from 9443 to 443 in websphere

Posted on 2006-03-20
Last Modified: 2013-12-10
I have IBM Websphere running on Windows server 2003. I want to change SSL port from 9443 to 443. This is what I have done:
* I open administrative console
* I go to: Servers > Application servers > (server name) > Ports > WC_defaulthost_secure (I change 9443 to 443)
* I go to: Environment > Virtual Hosts > default_host > Host Aliases > *  (I change 9443 to 443)
* I save it and logout
* I stop the server and restart the server

However it doesn't work. What am I missing here? Please help. Thank you.
Question by:alex_wareing
    LVL 5

    Expert Comment

    Can you elaborate on what you meant by not working ?
    Are you getting a blank page ? Any errors in the log files ?

    Author Comment

    Yes, I'm getting a blank page (The page cannot be displayed). I don't see any error in the log files.
    LVL 23

    Accepted Solution


    Setting up SSL:

    This section describes the overall tasks that are required to configure SSL for Workplace™ Services Express. Some of these tasks are performed on WebSphere® Application Server and the Web server. These steps are summarized here, but you should refer to the WebSphere Application Server and the Web server for more detailed information. Steps that are unique to Workplace Services Express are described in detail here.

    After completing the following procedure, all requests, starting with the site login, are encrypted.

    Configuring Workplace Services Express for SSL adds security to the client-portal exchange. It encrypts all traffic between the client browser and the server, so that no one can "eavesdrop" on the information that is exchanged over the network between the client browser and the portal. In addition, the LTPAToken and other security and session information can be completely protected against hijack and replay attacks.

    Configuring Workplace Services Express for SSL is a multistep process that actually involves configuring each of the following components:

    Web (HTTP) server running in front of WebSphere Application Server
    WebSphere Application Server
    Workplace Services Express
    In general, the Web server must be configured to accept inbound SSL traffic. Then, the WebSphere Application Server plug-in for the Web server must be configured to forward traffic on that port to WebSphere Application Server and Workplace Services Express. This involves configuring the virtual host information. Finally, Workplace Services Express must be set up to generate self-referencing URLs using SSL as the transport.

    Configure the Web server to support HTTPS. This involves setting up the Web server to accept inbound connections from client browsers over SSL. The Web server must have a port defined (usually 443), and the necessary certificates and keys must be installed.
    If this is a production environment, you must obtain a certificate from a certificate authority. For testing purposes, you can use IKEYMAN to generate a self-signed certificate. Use the following resources for detailed instructions:

    IBM WebSphere V5.0 Security, SG24-6573-00
    the Web server documentation
    Configure the WebSphere Application Server plug-in for the Web server to forward Workplace Services Express traffic that is received over SSL to WebSphere Application Server (which will then forward the traffic to Workplace Services Express). Update the virtual host list for WebSphere Application Server to include the correct host name and port number, and regenerate the plug-in configuration.
    Open the WebSphere Application Server Administrative Console and click Environment > Virtual Hosts.
    Add a host alias for the host name and SSL port that were added to the Web server in step 1. In a default setup, simply adding the new alias to the "default_host" virtual host will be sufficient. Note that the host name might be "*", or might be a fully qualified host name. Usually this would be the host name of the Web server.
    If the Web server is remote, copy the plugin-cfg.xml file to the remote Web server.
    Click Environment > Update Web Server Plugin. Click OK.
    Note: For a full description of the virtual hosts function of WebSphere Application Server, see the WebSphere Application Server documentation.
    In configurations where the Web server and Workplace Services Express reside on separate machines, requests to the Web server are rerouted to the application server. Under these circumstances, you can also configure SSL between the Web server and the application server to provide more complete security. This requires that you create additional keyfiles for the Web server plug-in and for the embedded HTTPD of WebSphere Application Server.
    Note: For complete instructions for this step, refer to the section 10.11: SSL between the Web server and WebSphere of IBM WebSphere V5.0 Security (SG24-6573-00).

    Edit in install_root/PortalServer/shared/app/config/services/ and change the following parameters:

        redirect.login.ssl = true
        host.port.https = alias_port

    where alias_port is the port number that is used for the virtual host alias that is specified in step 2. The parameter redirect.logout.ssl determines the protocol that is used when the logout button is clicked. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol that is used to access the main portal page.

    Edit the following web.xml files to change instances of the <security-constraint> tag of the protected portal URL to use HTTPS.
    install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
    presenceimsiplets.war/WEB-INF/web.xml. One instance of the <security-constraint> tag
    is included in this file.

    install_root/AppServer/installedApps/hostname/WPCP_Authoring.ear/pcm.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
    install_root/AppServer/installedApps/hostname/WPCP_Runtime.ear/wpcpruntime.war/WEB-INF/web.xml. Two instances of the <security-constraint> tag are included in this file.
    install_root/AppServer/installedApps/hostname/pdmauthor.ear/pdmauthor.war/WEB-INF/web.xml. Four instances of the <security-constraint> tag are included in this file.
    An example of the tag is shown below. This example is from the file: install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml.

          <security-constraint id="SecurityConstraint_1">
             <web-resource-collection id="WebResourceCollection_1">
             <auth-constraint id="AuthConstraint_1">
                <role-name>All Role</role-name>
             <user-data-constraint id="UserDataConstraint_4">
                <transport-guarantee>CONFIDENTIAL</transport-guarantee> // replace NONE by CONFIDENTIAL
    Perform the following steps to provide the ssl=true attribute in the appropriate JavaServer Pages (JSPs):
    Locate the JSP files in the following path (including subdirectories): install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/
    Search the JSP files for the following string: screen="Login"
    This string represents the login link to the tag for the login button.
    This screen="Login" string is within a wps:url anchor tag, for example: <a href='<wps:url home="public" screen="Login"/>'>
    The exact structure of this tag can vary depending on how it was constructed by the page designer. JSP comments might also be used to indicate where the login link is located: <%-- login button --%>
    For each JSP file that contains this string, edit the file to add the ssl="true" attribute to the wps:url anchor tag.
    Note: One exception is the file install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/ToolBarInclude.jsp. For this file, change ssl="false" to ssl="true".
    The following example shows where the attribute should be entered.

    <%-- login button --%>
    <wps:if loggedIn="no" notScreen="Login">
    <td valign="middle">
       <a href='<wps:url home="public" ssl="true" screen="Login"/>'>
          <img src='<wps:urlFindInTheme file="nav_login.gif"/>'
             alt='<wps:text key="link.login" bundle="nls.engine"/>'
             border="0" align="absmiddle" width="25" height="25"
             title='<wps:text key="link.login" bundle="nls.engine"/>'>
    Perform the following steps:
    Edit the following properties files to modify the wpcp.serverUrl value from http to https, for example, change wpcp.serverUrl= to wpcp.serverUrl= where is the HTTPS server your Workplace server is configured to use. All of the following files are in the install_root/WorkplaceServer/properties directory.
    Edit the install_root/WorkplaceServer/properties/ file to modify the workplaceurl.serverUrl value. Change the value from workplaceurl.serverUrl= to workplaceurl.serverUrl=
    Delete the compiled JSPs from the application server cache by removing the contents of the following directory:

    Restart the Web server and the Workplace Services Express server for these changes to take effect.
    Test your changes by launching the site home page in a Web browser and clicking the login link. The session will be directed to a secure connection after you log in. A browser security prompt appears after you click the login link to send your credentials to the server.

    this may help you.


    Featured Post

    Training Course: Java/J2EE and SOA

    This course will cover both core and advanced Java concepts like Database connectivity, Threads, Exception Handling, Collections, JSP, Servlets, XMLHandling, and more. You'll also learn various Java frameworks like Hibernate and Spring.

    Join & Write a Comment

    -Xmx and -Xms are the two JVM options often used to tune JVM heap size.   Here are some common mistakes made when using them:   Assume BigApp is a java class file for the below examples. 1.         Missing m, M, g or G at the end …
    There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now