HTTPS on WebSphere Application

I have an Enterprise Application running on IBM WebSphere Server  Version: 7.0.0.7 and I would like it to run via HTTPS instead of HTTP.  Where can I set this? The WebSphere server itself is accessible via HTTPS but my application is not.  It is an internal testing environment so self-signed certificate is fine. Any help is appreciated.
ecosysAsked:
Who is Participating?
 
ecosysConnect With a Mentor Author Commented:
Application is access through virtual host (not web server), I was using default_host, and therefore application was able to be accessed via port 9443.
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Should find everything you need to know bout Websphere 7.0 and SSL here:  

http://www.redbooks.ibm.com/abstracts/sg247660.html?Open


- Gary Patterson
0
 
HonorGodSoftware EngineerCommented:
I presume that you don't want the Application accessible via HTTP.  Is that correct?

Do you multiple applications installed, or is this the only one?

Is it currently associated with the default_host virtual host?

If you don't know, then you can either check on the Administration console:
- Log on to the Admin console
- Expand the "Applications"
- Expand the "Application Types"
- Click on the "WebSphere enterprise applications" link
- Click on the application name link (e.g., "DefaultApplication")
- On the right column, in the section labelled "Web Module Properties "
  click on the "Virtual hosts" link

or by using the following wsadmin tool, you can execute the following script:
- Save the attached file as vh.py, in some convenient directory/folder
  Note: if you save it in the AppServer\bin directory then you don't have to use
            the fully qualified path to the file.
- open a command prompt
- "cd" to the AppServer\bin directory
- use wsadmin to execute the script:

wsadmin -conntype none -f vh.py <AppName>

Example:

wsadmin -conntype none -f C:\temp\vh.py DefaultApplication
vh.py.txt
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
ecosysAuthor Commented:
It is the only application installed. The application is associated with the default_host.
0
 
ecosysAuthor Commented:
I see where you are going with this. I created a Virtual Host called SSL and configured *  to go to port 443.  Now I am unable to get to my app from http but https is giving me a "page cannot be displayed."
0
 
HonorGodSoftware EngineerCommented:
and did you associate your application with this virtual host?
0
 
ecosysAuthor Commented:
Yes I associated app with the virtual host SSL (Host Name: * Port 443)
0
 
HonorGodSoftware EngineerCommented:
The way that things work is:

- A request goes to the web server, which passes it to the WebSphere plugin code.
- The plugin code compares the request against those listed in the plugin-cfg.xml file to see if the request should be sent (forwarded) to the application server.
- If a match is found, then a connection is opened between the plugin, and the application server specified in the plugin-cfg.xml file for this request/resource
- Once the connection is established, the request is forwarded over this connection the application server on which the application, or resource, is defined to exist.
- The application server compares the request to it's list of resources, and sends it to the appropriate application

So, the question is:
- What is saying the page can not be displayed?
  The web server, or the application server?
0
 
ecosysAuthor Commented:
When I enter the URL with HTTP into my browser for my app I get a "page cannot be displayed" so I would assume that is app server?
0
 
ecosysAuthor Commented:
Sorry that should read HTTPS
0
 
HonorGodSoftware EngineerCommented:
> so I would assume that is app server?
  Not necessarily.

  If the plugin-cfg.xml file wasn't been updated properly to reflect that the resource (application) exists, and where it exists, then the plugin (i.e., web server) will response with the "page cannot be displayed" message.

  On the other hand, if the plugin-cfg.xml file identifies that the resource exists on the application server, and forwards the request there, the application server can respond with the same "page cannot be displayed" if it doesn't recognize the request as something for which it is responsible.

  Does that make sense?

  You can enable the plugin trace using information from this page: http://bit.ly/gaulli

  Look for the section heading of "Log" (in bold)

  Change the LogLevel from "Error" to "Trace".

  Restart the web server

  Try to access the resouce

  Look into the file identified by the Name attribute in the Log directive for how the request was processed, and if it was recognized as existing on the application server.
0
 
ecosysAuthor Commented:
I will enable plugin trace but wanted to mention that I did a search for the plugin-cfg.xml file and was unable to find it. Does that implicate something?
0
 
HonorGodSoftware EngineerCommented:
ok, what web server are you using?  If you are using the IBM HTTP Server (IHS), or an Apache web server, then you should have a conf directory containing an httpd.conf file.

One of the last 2 directives in this httpd.conf file should be

WebSpherePluginConfig

followed by the fully qualified directory of the plugin-cfg.xml file
0
 
HonorGodConnect With a Mentor Software EngineerCommented:
or, are you using only the WebSphere Application Server without a web server?
0
 
ecosysAuthor Commented:
Without a web server.
0
 
HonorGodSoftware EngineerCommented:
ok, then you must be going directly to the application server port.

- please save this file as vhosts.py in some convenient location (e.g., AppServer/bin)
- open a command prompt
- cd to the AppServer/bin directory
- use the following command to execute it:
  On Windows:
  # wsadmin  -f vhosts.py default_host

  On *ix type systems:
  # ./wsadmin.sh  -f vhosts.py default_host



vhosts.py.txt
0
 
ecosysAuthor Commented:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py QA2
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[QA2]"
WASX7011E: Cannot find file "hosts.py"

QA2 is the hostname.
0
 
ecosysAuthor Commented:
I probably shouldn't have changed that. So here is the command you gave me.

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
WASX7011E: Cannot find file "hosts.py"
0
 
ecosysAuthor Commented:
Third times a charm:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f vhosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
*:9080
*:80
*:9443
*:5060
*:5061
*:443
0
 
HonorGodSoftware EngineerCommented:
Which shows us the ports associated with the default_host virtual host.  Good.

So, when you access:

https://localhost/contextRoot

you get the 404 page not found?
0
 
ecosysConnect With a Mentor Author Commented:
Correct: Page cannot be displayed
0
 
ecosysAuthor Commented:
I would like to distribute half the points to HonorGod for leading me in the right direction.
0
 
HonorGodSoftware EngineerCommented:
Thanks.  I apologize for not catching the omission  of the port number on the URL.  <sheepish grin>
0
 
ecosysAuthor Commented:
No
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.