We help IT Professionals succeed at work.

Change SSL port from 9443 to 443 in websphere

alex_wareing asked
Medium Priority
Last Modified: 2013-12-10
I have IBM Websphere running on Windows server 2003. I want to change SSL port from 9443 to 443. This is what I have done:
* I open administrative console
* I go to: Servers > Application servers > (server name) > Ports > WC_defaulthost_secure (I change 9443 to 443)
* I go to: Environment > Virtual Hosts > default_host > Host Aliases > *  (I change 9443 to 443)
* I save it and logout
* I stop the server and restart the server

However it doesn't work. What am I missing here? Please help. Thank you.
Watch Question

Can you elaborate on what you meant by not working ?
Are you getting a blank page ? Any errors in the log files ?


Yes, I'm getting a blank page (The page cannot be displayed). I don't see any error in the log files.

Setting up SSL:

This section describes the overall tasks that are required to configure SSL for Workplace™ Services Express. Some of these tasks are performed on WebSphere® Application Server and the Web server. These steps are summarized here, but you should refer to the WebSphere Application Server and the Web server for more detailed information. Steps that are unique to Workplace Services Express are described in detail here.

After completing the following procedure, all requests, starting with the site login, are encrypted.

Configuring Workplace Services Express for SSL adds security to the client-portal exchange. It encrypts all traffic between the client browser and the server, so that no one can "eavesdrop" on the information that is exchanged over the network between the client browser and the portal. In addition, the LTPAToken and other security and session information can be completely protected against hijack and replay attacks.

Configuring Workplace Services Express for SSL is a multistep process that actually involves configuring each of the following components:

Web (HTTP) server running in front of WebSphere Application Server
WebSphere Application Server
Workplace Services Express
In general, the Web server must be configured to accept inbound SSL traffic. Then, the WebSphere Application Server plug-in for the Web server must be configured to forward traffic on that port to WebSphere Application Server and Workplace Services Express. This involves configuring the virtual host information. Finally, Workplace Services Express must be set up to generate self-referencing URLs using SSL as the transport.

Configure the Web server to support HTTPS. This involves setting up the Web server to accept inbound connections from client browsers over SSL. The Web server must have a port defined (usually 443), and the necessary certificates and keys must be installed.
If this is a production environment, you must obtain a certificate from a certificate authority. For testing purposes, you can use IKEYMAN to generate a self-signed certificate. Use the following resources for detailed instructions:

IBM WebSphere V5.0 Security, SG24-6573-00
the Web server documentation
Configure the WebSphere Application Server plug-in for the Web server to forward Workplace Services Express traffic that is received over SSL to WebSphere Application Server (which will then forward the traffic to Workplace Services Express). Update the virtual host list for WebSphere Application Server to include the correct host name and port number, and regenerate the plug-in configuration.
Open the WebSphere Application Server Administrative Console and click Environment > Virtual Hosts.
Add a host alias for the host name and SSL port that were added to the Web server in step 1. In a default setup, simply adding the new alias to the "default_host" virtual host will be sufficient. Note that the host name might be "*", or might be a fully qualified host name. Usually this would be the host name of the Web server.
If the Web server is remote, copy the plugin-cfg.xml file to the remote Web server.
Click Environment > Update Web Server Plugin. Click OK.
Note: For a full description of the virtual hosts function of WebSphere Application Server, see the WebSphere Application Server documentation.
In configurations where the Web server and Workplace Services Express reside on separate machines, requests to the Web server are rerouted to the application server. Under these circumstances, you can also configure SSL between the Web server and the application server to provide more complete security. This requires that you create additional keyfiles for the Web server plug-in and for the embedded HTTPD of WebSphere Application Server.
Note: For complete instructions for this step, refer to the section 10.11: SSL between the Web server and WebSphere of IBM WebSphere V5.0 Security (SG24-6573-00).

Edit ConfigService.properties in install_root/PortalServer/shared/app/config/services/ and change the following parameters:

    redirect.login.ssl = true
    host.port.https = alias_port

where alias_port is the port number that is used for the virtual host alias that is specified in step 2. The parameter redirect.logout.ssl determines the protocol that is used when the logout button is clicked. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol that is used to access the main portal page.

Edit the following web.xml files to change instances of the <security-constraint> tag of the protected portal URL to use HTTPS.
install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
presenceimsiplets.war/WEB-INF/web.xml. One instance of the <security-constraint> tag
is included in this file.

install_root/AppServer/installedApps/hostname/WPCP_Authoring.ear/pcm.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
install_root/AppServer/installedApps/hostname/WPCP_Runtime.ear/wpcpruntime.war/WEB-INF/web.xml. Two instances of the <security-constraint> tag are included in this file.
install_root/AppServer/installedApps/hostname/pdmauthor.ear/pdmauthor.war/WEB-INF/web.xml. Four instances of the <security-constraint> tag are included in this file.
An example of the tag is shown below. This example is from the file: install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml.

      <security-constraint id="SecurityConstraint_1">
         <web-resource-collection id="WebResourceCollection_1">
         <auth-constraint id="AuthConstraint_1">
            <role-name>All Role</role-name>
         <user-data-constraint id="UserDataConstraint_4">
            <transport-guarantee>CONFIDENTIAL</transport-guarantee> // replace NONE by CONFIDENTIAL
Perform the following steps to provide the ssl=true attribute in the appropriate JavaServer Pages (JSPs):
Locate the JSP files in the following path (including subdirectories): install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/
Search the JSP files for the following string: screen="Login"
This string represents the login link to the tag for the login button.
This screen="Login" string is within a wps:url anchor tag, for example: <a href='<wps:url home="public" screen="Login"/>'>
The exact structure of this tag can vary depending on how it was constructed by the page designer. JSP comments might also be used to indicate where the login link is located: <%-- login button --%>
For each JSP file that contains this string, edit the file to add the ssl="true" attribute to the wps:url anchor tag.
Note: One exception is the file install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/ToolBarInclude.jsp. For this file, change ssl="false" to ssl="true".
The following example shows where the attribute should be entered.

<%-- login button --%>
<wps:if loggedIn="no" notScreen="Login">
<td valign="middle">
   <a href='<wps:url home="public" ssl="true" screen="Login"/>'>
      <img src='<wps:urlFindInTheme file="nav_login.gif"/>'
         alt='<wps:text key="link.login" bundle="nls.engine"/>'
         border="0" align="absmiddle" width="25" height="25"
         title='<wps:text key="link.login" bundle="nls.engine"/>'>
Perform the following steps:
Edit the following properties files to modify the wpcp.serverUrl value from http to https, for example, change wpcp.serverUrl=http://yourHTTPServer.yourco.com/lwp/wcp to wpcp.serverUrl=https://yourHTTPServer.yourco.com/lwp/wcp: where yourHTTPServer.yourco.com is the HTTPS server your Workplace server is configured to use. All of the following files are in the install_root/WorkplaceServer/properties directory.
Edit the install_root/WorkplaceServer/properties/lwpworkplaceurl.properties file to modify the workplaceurl.serverUrl value. Change the value from workplaceurl.serverUrl=http://yourHTTPServer.yourco.com/lwp/myworkplace to workplaceurl.serverUrl=https://yourHTTPServer.yourco.com/lwp/myworkplace.
Delete the compiled JSPs from the application server cache by removing the contents of the following directory:

Restart the Web server and the Workplace Services Express server for these changes to take effect.
Test your changes by launching the site home page in a Web browser and clicking the login link. The session will be directed to a secure connection after you log in. A browser security prompt appears after you click the login link to send your credentials to the server.


this may help you.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.