?
Solved

Change SSL port from 9443 to 443 in websphere

Posted on 2006-03-20
3
Medium Priority
?
6,223 Views
Last Modified: 2013-12-10
I have IBM Websphere 6.0.2.0 running on Windows server 2003. I want to change SSL port from 9443 to 443. This is what I have done:
* I open administrative console
* I go to: Servers > Application servers > (server name) > Ports > WC_defaulthost_secure (I change 9443 to 443)
* I go to: Environment > Virtual Hosts > default_host > Host Aliases > *  (I change 9443 to 443)
* I save it and logout
* I stop the server and restart the server

However it doesn't work. What am I missing here? Please help. Thank you.
0
Comment
Question by:alex_wareing
3 Comments
 
LVL 5

Expert Comment

by:Waswiz
ID: 16253482
Can you elaborate on what you meant by not working ?
Are you getting a blank page ? Any errors in the log files ?
0
 

Author Comment

by:alex_wareing
ID: 16258896
Yes, I'm getting a blank page (The page cannot be displayed). I don't see any error in the log files.
0
 
LVL 23

Accepted Solution

by:
rama_krishna580 earned 1500 total points
ID: 16343512
Hi,

Setting up SSL:

This section describes the overall tasks that are required to configure SSL for Workplace™ Services Express. Some of these tasks are performed on WebSphere® Application Server and the Web server. These steps are summarized here, but you should refer to the WebSphere Application Server and the Web server for more detailed information. Steps that are unique to Workplace Services Express are described in detail here.

After completing the following procedure, all requests, starting with the site login, are encrypted.

Configuring Workplace Services Express for SSL adds security to the client-portal exchange. It encrypts all traffic between the client browser and the server, so that no one can "eavesdrop" on the information that is exchanged over the network between the client browser and the portal. In addition, the LTPAToken and other security and session information can be completely protected against hijack and replay attacks.

Configuring Workplace Services Express for SSL is a multistep process that actually involves configuring each of the following components:

Web (HTTP) server running in front of WebSphere Application Server
WebSphere Application Server
Workplace Services Express
In general, the Web server must be configured to accept inbound SSL traffic. Then, the WebSphere Application Server plug-in for the Web server must be configured to forward traffic on that port to WebSphere Application Server and Workplace Services Express. This involves configuring the virtual host information. Finally, Workplace Services Express must be set up to generate self-referencing URLs using SSL as the transport.

Configure the Web server to support HTTPS. This involves setting up the Web server to accept inbound connections from client browsers over SSL. The Web server must have a port defined (usually 443), and the necessary certificates and keys must be installed.
If this is a production environment, you must obtain a certificate from a certificate authority. For testing purposes, you can use IKEYMAN to generate a self-signed certificate. Use the following resources for detailed instructions:

IBM WebSphere V5.0 Security, SG24-6573-00
the Web server documentation
Configure the WebSphere Application Server plug-in for the Web server to forward Workplace Services Express traffic that is received over SSL to WebSphere Application Server (which will then forward the traffic to Workplace Services Express). Update the virtual host list for WebSphere Application Server to include the correct host name and port number, and regenerate the plug-in configuration.
Open the WebSphere Application Server Administrative Console and click Environment > Virtual Hosts.
Add a host alias for the host name and SSL port that were added to the Web server in step 1. In a default setup, simply adding the new alias to the "default_host" virtual host will be sufficient. Note that the host name might be "*", or might be a fully qualified host name. Usually this would be the host name of the Web server.
If the Web server is remote, copy the plugin-cfg.xml file to the remote Web server.
Click Environment > Update Web Server Plugin. Click OK.
Note: For a full description of the virtual hosts function of WebSphere Application Server, see the WebSphere Application Server documentation.
In configurations where the Web server and Workplace Services Express reside on separate machines, requests to the Web server are rerouted to the application server. Under these circumstances, you can also configure SSL between the Web server and the application server to provide more complete security. This requires that you create additional keyfiles for the Web server plug-in and for the embedded HTTPD of WebSphere Application Server.
Note: For complete instructions for this step, refer to the section 10.11: SSL between the Web server and WebSphere of IBM WebSphere V5.0 Security (SG24-6573-00).

Edit ConfigService.properties in install_root/PortalServer/shared/app/config/services/ and change the following parameters:

    redirect.login.ssl = true
    host.port.https = alias_port

where alias_port is the port number that is used for the virtual host alias that is specified in step 2. The parameter redirect.logout.ssl determines the protocol that is used when the logout button is clicked. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol that is used to access the main portal page.

Edit the following web.xml files to change instances of the <security-constraint> tag of the protected portal URL to use HTTPS.
install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
install_root/AppServer/installedApps/hostname/LWP_SIP_Presence_IM.ear/
presenceimsiplets.war/WEB-INF/web.xml. One instance of the <security-constraint> tag
is included in this file.

install_root/AppServer/installedApps/hostname/WPCP_Authoring.ear/pcm.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
install_root/AppServer/installedApps/hostname/WPCP_Runtime.ear/wpcpruntime.war/WEB-INF/web.xml. Two instances of the <security-constraint> tag are included in this file.
install_root/AppServer/installedApps/hostname/pdmauthor.ear/pdmauthor.war/WEB-INF/web.xml. Four instances of the <security-constraint> tag are included in this file.
An example of the tag is shown below. This example is from the file: install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml.

      <security-constraint id="SecurityConstraint_1">
         <web-resource-collection id="WebResourceCollection_1">
            <web-resource-name></web-resource-name>
            <url-pattern>/myportal/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
         </web-resource-collection>
         <auth-constraint id="AuthConstraint_1">
            <description></description>
            <role-name>All Role</role-name>
         </auth-constraint>
         <user-data-constraint id="UserDataConstraint_4">
            <transport-guarantee>CONFIDENTIAL</transport-guarantee> // replace NONE by CONFIDENTIAL
         </user-data-constraint>
      </security-constraint>
Perform the following steps to provide the ssl=true attribute in the appropriate JavaServer Pages (JSPs):
Locate the JSP files in the following path (including subdirectories): install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/
Search the JSP files for the following string: screen="Login"
Note:
This string represents the login link to the tag for the login button.
This screen="Login" string is within a wps:url anchor tag, for example: <a href='<wps:url home="public" screen="Login"/>'>
The exact structure of this tag can vary depending on how it was constructed by the page designer. JSP comments might also be used to indicate where the login link is located: <%-- login button --%>
For each JSP file that contains this string, edit the file to add the ssl="true" attribute to the wps:url anchor tag.
Note: One exception is the file install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/ToolBarInclude.jsp. For this file, change ssl="false" to ssl="true".
The following example shows where the attribute should be entered.

<%-- login button --%>
<wps:if loggedIn="no" notScreen="Login">
<td valign="middle">
   <a href='<wps:url home="public" ssl="true" screen="Login"/>'>
      <img src='<wps:urlFindInTheme file="nav_login.gif"/>'
         alt='<wps:text key="link.login" bundle="nls.engine"/>'
         border="0" align="absmiddle" width="25" height="25"
         title='<wps:text key="link.login" bundle="nls.engine"/>'>
   </a>
</td>
</wps:if>  
Perform the following steps:
Edit the following properties files to modify the wpcp.serverUrl value from http to https, for example, change wpcp.serverUrl=http://yourHTTPServer.yourco.com/lwp/wcp to wpcp.serverUrl=https://yourHTTPServer.yourco.com/lwp/wcp: where yourHTTPServer.yourco.com is the HTTPS server your Workplace server is configured to use. All of the following files are in the install_root/WorkplaceServer/properties directory.
lwpworkplaceurl.properties
lwpagenda.properties
lwpchatroom.properties
lwpformsstorage.properties
lwplistadapter.properties
lwppdmadapter.properties
lwptaistorage.properties
lwpteamtasklist.properties
Edit the install_root/WorkplaceServer/properties/lwpworkplaceurl.properties file to modify the workplaceurl.serverUrl value. Change the value from workplaceurl.serverUrl=http://yourHTTPServer.yourco.com/lwp/myworkplace to workplaceurl.serverUrl=https://yourHTTPServer.yourco.com/lwp/myworkplace.
Delete the compiled JSPs from the application server cache by removing the contents of the following directory:
install_root/AppServer/temp/hostname/WebSphere_Portal/wps/wps.war

Restart the Web server and the Workplace Services Express server for these changes to take effect.
Test your changes by launching the site home page in a Web browser and clicking the login link. The session will be directed to a secure connection after you log in. A browser security prompt appears after you click the login link to send your credentials to the server.

http://publib.boulder.ibm.com/infocenter/wseic/v2r5/index.jsp?topic=/com.ibm.wse.doc/wpf/ssl.html

this may help you.

R.K
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Screencast - Getting to Know the Pipeline
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question