using SSL in WSAD

Posted on 2006-04-03
Last Modified: 2013-12-10
Hi Experts,

My web application involves a pop-up window that includes a password input, which is submitted to the server side. Since the password is sensitive, I would like to use SSL for transmission.

However, I am not familiar with SSL, especially in WebSphere or WSAD testing. Is there any useful reference, or would you please briefly show me how to do it?

Many many thanks.
Question by:nkan
    LVL 5

    Accepted Solution

    There are detailed instructions in the WebSphere info center at:

    "Configuring Secure Sockets Layer"

    Basically you will create and load the certificate, identify the port to run SSL and configure the libraries at the high level.

    Author Comment

    How about in WSAD? Is it OK to just enable port 9443 for SSL, with no need to load the certificate?
    LVL 23

    Assisted Solution

    Expert Comment


    Setting up SSL:

    This section describes the overall tasks that are required to configure SSL for Workplace™ Services Express. Some of these tasks are performed on WebSphere® Application Server and the Web server. These steps are summarized here, but you should refer to the WebSphere Application Server and the Web server for more detailed information. Steps that are unique to Workplace Services Express are described in detail here.

    After completing the following procedure, all requests, starting with the site login, are encrypted.

    Configuring Workplace Services Express for SSL adds security to the client-portal exchange. It encrypts all traffic between the client browser and the server, so that no one can "eavesdrop" on the information that is exchanged over the network between the client browser and the portal. In addition, the LTPAToken and other security and session information can be completely protected against hijack and replay attacks.

    Configuring Workplace Services Express for SSL is a multistep process that actually involves configuring each of the following components:

    - Web (HTTP) server running in front of WebSphere Application Server
    - WebSphere Application Server
    - Workplace Services Express

    In general, the Web server must be configured to accept inbound SSL traffic. Then, the WebSphere Application Server plug-in for the Web server must be configured to forward traffic on that port to WebSphere Application Server and Workplace Services Express. This involves configuring the virtual host information. Finally, Workplace Services Express must be set up to generate self-referencing URLs using SSL as the transport.

    Configure the Web server to support HTTPS. This involves setting up the Web server to accept inbound connections from client browsers over SSL. The Web server must have a port defined (usually 443), and the necessary certificates and keys must be installed.

    If this is a production environment, you must obtain a certificate from a certificate authority. For testing purposes, you can use IKEYMAN to generate a self-signed certificate. Use the following resources for detailed instructions:

    - IBM WebSphere V5.0 Security, SG24-6573-00
    - The Web server documentation

    Configure the WebSphere Application Server plug-in for the Web server to forward Workplace Services Express traffic that is received over SSL to WebSphere Application Server (which will then forward the traffic to Workplace Services Express). Update the virtual host list for WebSphere Application Server to include the correct host name and port number, and regenerate the plug-in configuration.

    - Open the WebSphere Application Server Administrative Console and click Environment > Virtual Hosts.
    - Add a host alias for the host name and SSL port that were added to the Web server in step 1. In a default setup, simply adding the new alias to the "default_host" virtual host will be sufficient. Note that the host name might be "*", or might be a fully qualified host name. Usually this would be the host name of the Web server.
    - If the Web server is remote, copy the plugin-cfg.xml file to the remote Web server.
    - Click Environment > Update Web Server Plugin. Click OK.

    Note: For a full description of the virtual hosts function of WebSphere Application Server, see the WebSphere Application Server documentation.

    In configurations where the Web server and Workplace Services Express reside on separate machines, requests to the Web server are rerouted to the application server. Under these circumstances, you can also configure SSL between the Web server and the application server to provide more complete security. This requires that you create additional keyfiles for the Web server plug-in and for the embedded HTTPD of WebSphere Application Server.

    Note: For complete instructions for this step, refer to the section 10.11: SSL between the Web server and WebSphere of IBM WebSphere V5.0 Security (SG24-6573-00).

    Edit in install_root/PortalServer/shared/app/config/services/ and change the following parameters:

        redirect.login.ssl = true
        host.port.https = alias_port

    where alias_port is the port number that is used for the virtual host alias that is specified in step 2. The parameter redirect.logout.ssl determines the protocol that is used when the logout button is clicked. If this parameter is set to true, https is used. If this parameter is set to false, http is used. This setting is not affected by the protocol that is used to access the main portal page.

    Edit the following web.xml files to change instances of the <security-constraint> tag of the protected portal URL to use HTTPS.

    - install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
    - presenceimsiplets.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
    - install_root/AppServer/installedApps/hostname/WPCP_Authoring.ear/pcm.war/WEB-INF/web.xml. One instance of the <security-constraint> tag is included in this file.
    - install_root/AppServer/installedApps/hostname/WPCP_Runtime.ear/wpcpruntime.war/WEB-INF/web.xml. Two instances of the <security-constraint> tag are included in this file.
    - install_root/AppServer/installedApps/hostname/pdmauthor.ear/pdmauthor.war/WEB-INF/web.xml. Four instances of the <security-constraint> tag are included in this file.

    An example of the tag is shown below. This example is from the file: install_root/AppServer/installedApps/hostname/wps.ear/wps.war/WEB-INF/web.xml.

          <security-constraint id="SecurityConstraint_1">
             <web-resource-collection id="WebResourceCollection_1">
                <!-- existing resource entries stay unchanged -->
             </web-resource-collection>
             <auth-constraint id="AuthConstraint_1">
                <role-name>All Role</role-name>
             </auth-constraint>
             <user-data-constraint id="UserDataConstraint_4">
                <!-- replace NONE by CONFIDENTIAL -->
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
             </user-data-constraint>
          </security-constraint>

    Perform the following steps to provide the ssl=true attribute in the appropriate JavaServer Pages (JSPs):

    - Locate the JSP files in the following path (including subdirectories): install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/
    - Search the JSP files for the following string: screen="Login"
      This string represents the login link to the tag for the login button.
      This screen="Login" string is within a wps:url anchor tag, for example: <a href='<wps:url home="public" screen="Login"/>'>
      The exact structure of this tag can vary depending on how it was constructed by the page designer. JSP comments might also be used to indicate where the login link is located: <%-- login button --%>
    - For each JSP file that contains this string, edit the file to add the ssl="true" attribute to the wps:url anchor tag.
      Note: One exception is the file install_root/AppServer/installedApps/hostname/wps.ear/wps.war/themes/html/ToolBarInclude.jsp. For this file, change ssl="false" to ssl="true".

    The following example shows where the attribute should be entered.

    <%-- login button --%>
    <wps:if loggedIn="no" notScreen="Login">
    <td valign="middle">
       <a href='<wps:url home="public" ssl="true" screen="Login"/>'>
          <img src='<wps:urlFindInTheme file="nav_login.gif"/>'
             alt='<wps:text key="link.login" bundle="nls.engine"/>'
             border="0" align="absmiddle" width="25" height="25"
             title='<wps:text key="link.login" bundle="nls.engine"/>'>
       </a>
    </td>
    </wps:if>

    Perform the following steps:

    - Edit the following properties files to modify the wpcp.serverUrl value from http to https, for example, change wpcp.serverUrl= to wpcp.serverUrl= where is the HTTPS server your Workplace server is configured to use. All of the following files are in the install_root/WorkplaceServer/properties directory.
    - Edit the install_root/WorkplaceServer/properties/ file to modify the workplaceurl.serverUrl value. Change the value from workplaceurl.serverUrl= to workplaceurl.serverUrl=

    Delete the compiled JSPs from the application server cache by removing the contents of the following directory:

    Restart the Web server and the Workplace Services Express server for these changes to take effect.
    Test your changes by launching the site home page in a Web browser and clicking the login link. The session will be directed to a secure connection after you log in. A browser security prompt appears after you click the login link to send your credentials to the server.

    This may help you.
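
Added example, not part of the original thread or of IBM's documentation: a small Python audit that lists every `<security-constraint>` in a web.xml whose `<transport-guarantee>` is not CONFIDENTIAL (or is absent), which is the setting the web.xml step above asks you to change. The sample descriptor, its URL patterns and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace so old (DTD) and newer (schema) descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def find(elem, name):
    return [c for c in elem.iter() if local(c.tag) == name]

def audit_web_xml(xml_text):
    """Return (constraint id, url-patterns, guarantee) for every
    <security-constraint> that does not require CONFIDENTIAL transport."""
    findings = []
    root = ET.fromstring(xml_text)
    for sc in find(root, "security-constraint"):
        tg = find(sc, "transport-guarantee")
        guarantee = (tg[0].text or "").strip().upper() if tg else "MISSING"
        if guarantee != "CONFIDENTIAL":
            patterns = [(p.text or "").strip() for p in find(sc, "url-pattern")]
            findings.append((sc.get("id", "?"), patterns, guarantee))
    return findings

# Constructed sample: one constraint still set to NONE, one with no
# <user-data-constraint> at all, and one already corrected.
SAMPLE = """<web-app>
  <security-constraint id="SecurityConstraint_1">
    <web-resource-collection id="WebResourceCollection_1">
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/myportal/*</url-pattern>
    </web-resource-collection>
    <auth-constraint id="AuthConstraint_1"><role-name>All Role</role-name></auth-constraint>
    <user-data-constraint id="UserDataConstraint_4">
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint id="SecurityConstraint_2">
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>All Role</role-name></auth-constraint>
  </security-constraint>
  <security-constraint id="SecurityConstraint_3">
    <web-resource-collection><url-pattern>/secure/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    for cid, patterns, guarantee in audit_web_xml(SAMPLE):
        print(f"{cid}: {patterns} transport-guarantee={guarantee}")
```

Run it against each web.xml listed in the answer after editing; an empty result means every constraint in that file now forces HTTPS.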

