Solved

HTTPS on WebSphere Application

Posted on 2011-03-03
24
571 Views
Last Modified: 2012-05-11
I have an Enterprise Application running on IBM WebSphere Server  Version: 7.0.0.7 and I would like it to run via HTTPS instead of HTTP.  Where can I set this? The WebSphere server itself is accessible via HTTPS but my application is not.  It is an internal testing environment so self-signed certificate is fine. Any help is appreciated.
0
Comment
Question by:ecosys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 9
24 Comments
 
LVL 35

Expert Comment

by:Gary Patterson
ID: 35031906
Should find everything you need to know bout Websphere 7.0 and SSL here:  

http://www.redbooks.ibm.com/abstracts/sg247660.html?Open


- Gary Patterson
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35043685
I presume that you don't want the Application accessible via HTTP.  Is that correct?

Do you multiple applications installed, or is this the only one?

Is it currently associated with the default_host virtual host?

If you don't know, then you can either check on the Administration console:
- Log on to the Admin console
- Expand the "Applications"
- Expand the "Application Types"
- Click on the "WebSphere enterprise applications" link
- Click on the application name link (e.g., "DefaultApplication")
- On the right column, in the section labelled "Web Module Properties "
  click on the "Virtual hosts" link

or by using the following wsadmin tool, you can execute the following script:
- Save the attached file as vh.py, in some convenient directory/folder
  Note: if you save it in the AppServer\bin directory then you don't have to use
            the fully qualified path to the file.
- open a command prompt
- "cd" to the AppServer\bin directory
- use wsadmin to execute the script:

wsadmin -conntype none -f vh.py <AppName>

Example:

wsadmin -conntype none -f C:\temp\vh.py DefaultApplication
vh.py.txt
0
 

Author Comment

by:ecosys
ID: 35084784
It is the only application installed. The application is associated with the default_host.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 

Author Comment

by:ecosys
ID: 35084893
I see where you are going with this. I created a Virtual Host called SSL and configured *  to go to port 443.  Now I am unable to get to my app from http but https is giving me a "page cannot be displayed."
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35085167
and did you associate your application with this virtual host?
0
 

Author Comment

by:ecosys
ID: 35085197
Yes I associated app with the virtual host SSL (Host Name: * Port 443)
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35085221
The way that things work is:

- A request goes to the web server, which passes it to the WebSphere plugin code.
- The plugin code compares the request against those listed in the plugin-cfg.xml file to see if the request should be sent (forwarded) to the application server.
- If a match is found, then a connection is opened between the plugin, and the application server specified in the plugin-cfg.xml file for this request/resource
- Once the connection is established, the request is forwarded over this connection the application server on which the application, or resource, is defined to exist.
- The application server compares the request to it's list of resources, and sends it to the appropriate application

So, the question is:
- What is saying the page can not be displayed?
  The web server, or the application server?
0
 

Author Comment

by:ecosys
ID: 35085280
When I enter the URL with HTTP into my browser for my app I get a "page cannot be displayed" so I would assume that is app server?
0
 

Author Comment

by:ecosys
ID: 35085287
Sorry that should read HTTPS
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35085440
> so I would assume that is app server?
  Not necessarily.

  If the plugin-cfg.xml file wasn't been updated properly to reflect that the resource (application) exists, and where it exists, then the plugin (i.e., web server) will response with the "page cannot be displayed" message.

  On the other hand, if the plugin-cfg.xml file identifies that the resource exists on the application server, and forwards the request there, the application server can respond with the same "page cannot be displayed" if it doesn't recognize the request as something for which it is responsible.

  Does that make sense?

  You can enable the plugin trace using information from this page: http://bit.ly/gaulli

  Look for the section heading of "Log" (in bold)

  Change the LogLevel from "Error" to "Trace".

  Restart the web server

  Try to access the resouce

  Look into the file identified by the Name attribute in the Log directive for how the request was processed, and if it was recognized as existing on the application server.
0
 

Author Comment

by:ecosys
ID: 35085534
I will enable plugin trace but wanted to mention that I did a search for the plugin-cfg.xml file and was unable to find it. Does that implicate something?
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35085729
ok, what web server are you using?  If you are using the IBM HTTP Server (IHS), or an Apache web server, then you should have a conf directory containing an httpd.conf file.

One of the last 2 directives in this httpd.conf file should be

WebSpherePluginConfig

followed by the fully qualified directory of the plugin-cfg.xml file
0
 
LVL 41

Assisted Solution

by:HonorGod
HonorGod earned 125 total points
ID: 35085737
or, are you using only the WebSphere Application Server without a web server?
0
 

Author Comment

by:ecosys
ID: 35087291
Without a web server.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35087548
ok, then you must be going directly to the application server port.

- please save this file as vhosts.py in some convenient location (e.g., AppServer/bin)
- open a command prompt
- cd to the AppServer/bin directory
- use the following command to execute it:
  On Windows:
  # wsadmin  -f vhosts.py default_host

  On *ix type systems:
  # ./wsadmin.sh  -f vhosts.py default_host



vhosts.py.txt
0
 

Author Comment

by:ecosys
ID: 35087904

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py QA2
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[QA2]"
WASX7011E: Cannot find file "hosts.py"

QA2 is the hostname.
0
 

Author Comment

by:ecosys
ID: 35087975
I probably shouldn't have changed that. So here is the command you gave me.

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
WASX7011E: Cannot find file "hosts.py"
0
 

Author Comment

by:ecosys
ID: 35088034
Third times a charm:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f vhosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
*:9080
*:80
*:9443
*:5060
*:5061
*:443
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35088962
Which shows us the ports associated with the default_host virtual host.  Good.

So, when you access:

https://localhost/contextRoot

you get the 404 page not found?
0
 

Assisted Solution

by:ecosys
ecosys earned 0 total points
ID: 35089111
Correct: Page cannot be displayed
0
 

Accepted Solution

by:
ecosys earned 0 total points
ID: 35147661
Application is access through virtual host (not web server), I was using default_host, and therefore application was able to be accessed via port 9443.
0
 

Author Comment

by:ecosys
ID: 35147717
I would like to distribute half the points to HonorGod for leading me in the right direction.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 35147927
Thanks.  I apologize for not catching the omission  of the port number on the URL.  <sheepish grin>
0
 

Author Closing Comment

by:ecosys
ID: 35178755
No
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question