Solved

HTTPS on WebSphere Application

Posted on 2011-03-03
24
564 Views
Last Modified: 2012-05-11
I have an Enterprise Application running on IBM WebSphere Server  Version: 7.0.0.7 and I would like it to run via HTTPS instead of HTTP.  Where can I set this? The WebSphere server itself is accessible via HTTPS but my application is not.  It is an internal testing environment so self-signed certificate is fine. Any help is appreciated.
0
Comment
Question by:ecosys
  • 14
  • 9
24 Comments
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
Should find everything you need to know bout Websphere 7.0 and SSL here:  

http://www.redbooks.ibm.com/abstracts/sg247660.html?Open


- Gary Patterson
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
I presume that you don't want the Application accessible via HTTP.  Is that correct?

Do you multiple applications installed, or is this the only one?

Is it currently associated with the default_host virtual host?

If you don't know, then you can either check on the Administration console:
- Log on to the Admin console
- Expand the "Applications"
- Expand the "Application Types"
- Click on the "WebSphere enterprise applications" link
- Click on the application name link (e.g., "DefaultApplication")
- On the right column, in the section labelled "Web Module Properties "
  click on the "Virtual hosts" link

or by using the following wsadmin tool, you can execute the following script:
- Save the attached file as vh.py, in some convenient directory/folder
  Note: if you save it in the AppServer\bin directory then you don't have to use
            the fully qualified path to the file.
- open a command prompt
- "cd" to the AppServer\bin directory
- use wsadmin to execute the script:

wsadmin -conntype none -f vh.py <AppName>

Example:

wsadmin -conntype none -f C:\temp\vh.py DefaultApplication
vh.py.txt
0
 

Author Comment

by:ecosys
Comment Utility
It is the only application installed. The application is associated with the default_host.
0
 

Author Comment

by:ecosys
Comment Utility
I see where you are going with this. I created a Virtual Host called SSL and configured *  to go to port 443.  Now I am unable to get to my app from http but https is giving me a "page cannot be displayed."
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
and did you associate your application with this virtual host?
0
 

Author Comment

by:ecosys
Comment Utility
Yes I associated app with the virtual host SSL (Host Name: * Port 443)
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
The way that things work is:

- A request goes to the web server, which passes it to the WebSphere plugin code.
- The plugin code compares the request against those listed in the plugin-cfg.xml file to see if the request should be sent (forwarded) to the application server.
- If a match is found, then a connection is opened between the plugin, and the application server specified in the plugin-cfg.xml file for this request/resource
- Once the connection is established, the request is forwarded over this connection the application server on which the application, or resource, is defined to exist.
- The application server compares the request to it's list of resources, and sends it to the appropriate application

So, the question is:
- What is saying the page can not be displayed?
  The web server, or the application server?
0
 

Author Comment

by:ecosys
Comment Utility
When I enter the URL with HTTP into my browser for my app I get a "page cannot be displayed" so I would assume that is app server?
0
 

Author Comment

by:ecosys
Comment Utility
Sorry that should read HTTPS
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
> so I would assume that is app server?
  Not necessarily.

  If the plugin-cfg.xml file wasn't been updated properly to reflect that the resource (application) exists, and where it exists, then the plugin (i.e., web server) will response with the "page cannot be displayed" message.

  On the other hand, if the plugin-cfg.xml file identifies that the resource exists on the application server, and forwards the request there, the application server can respond with the same "page cannot be displayed" if it doesn't recognize the request as something for which it is responsible.

  Does that make sense?

  You can enable the plugin trace using information from this page: http://bit.ly/gaulli

  Look for the section heading of "Log" (in bold)

  Change the LogLevel from "Error" to "Trace".

  Restart the web server

  Try to access the resouce

  Look into the file identified by the Name attribute in the Log directive for how the request was processed, and if it was recognized as existing on the application server.
0
 

Author Comment

by:ecosys
Comment Utility
I will enable plugin trace but wanted to mention that I did a search for the plugin-cfg.xml file and was unable to find it. Does that implicate something?
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
ok, what web server are you using?  If you are using the IBM HTTP Server (IHS), or an Apache web server, then you should have a conf directory containing an httpd.conf file.

One of the last 2 directives in this httpd.conf file should be

WebSpherePluginConfig

followed by the fully qualified directory of the plugin-cfg.xml file
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 41

Assisted Solution

by:HonorGod
HonorGod earned 125 total points
Comment Utility
or, are you using only the WebSphere Application Server without a web server?
0
 

Author Comment

by:ecosys
Comment Utility
Without a web server.
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
ok, then you must be going directly to the application server port.

- please save this file as vhosts.py in some convenient location (e.g., AppServer/bin)
- open a command prompt
- cd to the AppServer/bin directory
- use the following command to execute it:
  On Windows:
  # wsadmin  -f vhosts.py default_host

  On *ix type systems:
  # ./wsadmin.sh  -f vhosts.py default_host



vhosts.py.txt
0
 

Author Comment

by:ecosys
Comment Utility

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py QA2
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[QA2]"
WASX7011E: Cannot find file "hosts.py"

QA2 is the hostname.
0
 

Author Comment

by:ecosys
Comment Utility
I probably shouldn't have changed that. So here is the command you gave me.

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
WASX7011E: Cannot find file "hosts.py"
0
 

Author Comment

by:ecosys
Comment Utility
Third times a charm:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f vhosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
*:9080
*:80
*:9443
*:5060
*:5061
*:443
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
Which shows us the ports associated with the default_host virtual host.  Good.

So, when you access:

https://localhost/contextRoot

you get the 404 page not found?
0
 

Assisted Solution

by:ecosys
ecosys earned 0 total points
Comment Utility
Correct: Page cannot be displayed
0
 

Accepted Solution

by:
ecosys earned 0 total points
Comment Utility
Application is access through virtual host (not web server), I was using default_host, and therefore application was able to be accessed via port 9443.
0
 

Author Comment

by:ecosys
Comment Utility
I would like to distribute half the points to HonorGod for leading me in the right direction.
0
 
LVL 41

Expert Comment

by:HonorGod
Comment Utility
Thanks.  I apologize for not catching the omission  of the port number on the URL.  <sheepish grin>
0
 

Author Closing Comment

by:ecosys
Comment Utility
No
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now