• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 577
  • Last Modified:

HTTPS on WebSphere Application

I have an Enterprise Application running on IBM WebSphere Server  Version: 7.0.0.7 and I would like it to run via HTTPS instead of HTTP.  Where can I set this? The WebSphere server itself is accessible via HTTPS but my application is not.  It is an internal testing environment so self-signed certificate is fine. Any help is appreciated.
0
ecosys
Asked:
ecosys
  • 14
  • 9
3 Solutions
 
Gary PattersonVP Technology / Senior Consultant Commented:
Should find everything you need to know bout Websphere 7.0 and SSL here:  

http://www.redbooks.ibm.com/abstracts/sg247660.html?Open


- Gary Patterson
0
 
HonorGodCommented:
I presume that you don't want the Application accessible via HTTP.  Is that correct?

Do you multiple applications installed, or is this the only one?

Is it currently associated with the default_host virtual host?

If you don't know, then you can either check on the Administration console:
- Log on to the Admin console
- Expand the "Applications"
- Expand the "Application Types"
- Click on the "WebSphere enterprise applications" link
- Click on the application name link (e.g., "DefaultApplication")
- On the right column, in the section labelled "Web Module Properties "
  click on the "Virtual hosts" link

or by using the following wsadmin tool, you can execute the following script:
- Save the attached file as vh.py, in some convenient directory/folder
  Note: if you save it in the AppServer\bin directory then you don't have to use
            the fully qualified path to the file.
- open a command prompt
- "cd" to the AppServer\bin directory
- use wsadmin to execute the script:

wsadmin -conntype none -f vh.py <AppName>

Example:

wsadmin -conntype none -f C:\temp\vh.py DefaultApplication
vh.py.txt
0
 
ecosysAuthor Commented:
It is the only application installed. The application is associated with the default_host.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
ecosysAuthor Commented:
I see where you are going with this. I created a Virtual Host called SSL and configured *  to go to port 443.  Now I am unable to get to my app from http but https is giving me a "page cannot be displayed."
0
 
HonorGodCommented:
and did you associate your application with this virtual host?
0
 
ecosysAuthor Commented:
Yes I associated app with the virtual host SSL (Host Name: * Port 443)
0
 
HonorGodCommented:
The way that things work is:

- A request goes to the web server, which passes it to the WebSphere plugin code.
- The plugin code compares the request against those listed in the plugin-cfg.xml file to see if the request should be sent (forwarded) to the application server.
- If a match is found, then a connection is opened between the plugin, and the application server specified in the plugin-cfg.xml file for this request/resource
- Once the connection is established, the request is forwarded over this connection the application server on which the application, or resource, is defined to exist.
- The application server compares the request to it's list of resources, and sends it to the appropriate application

So, the question is:
- What is saying the page can not be displayed?
  The web server, or the application server?
0
 
ecosysAuthor Commented:
When I enter the URL with HTTP into my browser for my app I get a "page cannot be displayed" so I would assume that is app server?
0
 
ecosysAuthor Commented:
Sorry that should read HTTPS
0
 
HonorGodCommented:
> so I would assume that is app server?
  Not necessarily.

  If the plugin-cfg.xml file wasn't been updated properly to reflect that the resource (application) exists, and where it exists, then the plugin (i.e., web server) will response with the "page cannot be displayed" message.

  On the other hand, if the plugin-cfg.xml file identifies that the resource exists on the application server, and forwards the request there, the application server can respond with the same "page cannot be displayed" if it doesn't recognize the request as something for which it is responsible.

  Does that make sense?

  You can enable the plugin trace using information from this page: http://bit.ly/gaulli

  Look for the section heading of "Log" (in bold)

  Change the LogLevel from "Error" to "Trace".

  Restart the web server

  Try to access the resouce

  Look into the file identified by the Name attribute in the Log directive for how the request was processed, and if it was recognized as existing on the application server.
0
 
ecosysAuthor Commented:
I will enable plugin trace but wanted to mention that I did a search for the plugin-cfg.xml file and was unable to find it. Does that implicate something?
0
 
HonorGodCommented:
ok, what web server are you using?  If you are using the IBM HTTP Server (IHS), or an Apache web server, then you should have a conf directory containing an httpd.conf file.

One of the last 2 directives in this httpd.conf file should be

WebSpherePluginConfig

followed by the fully qualified directory of the plugin-cfg.xml file
0
 
HonorGodCommented:
or, are you using only the WebSphere Application Server without a web server?
0
 
ecosysAuthor Commented:
Without a web server.
0
 
HonorGodCommented:
ok, then you must be going directly to the application server port.

- please save this file as vhosts.py in some convenient location (e.g., AppServer/bin)
- open a command prompt
- cd to the AppServer/bin directory
- use the following command to execute it:
  On Windows:
  # wsadmin  -f vhosts.py default_host

  On *ix type systems:
  # ./wsadmin.sh  -f vhosts.py default_host



vhosts.py.txt
0
 
ecosysAuthor Commented:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py QA2
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[QA2]"
WASX7011E: Cannot find file "hosts.py"

QA2 is the hostname.
0
 
ecosysAuthor Commented:
I probably shouldn't have changed that. So here is the command you gave me.

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f hosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
WASX7011E: Cannot find file "hosts.py"
0
 
ecosysAuthor Commented:
Third times a charm:

C:\Program Files\IBM\WebSphere\AppServer1\bin>wsadmin -f vhosts.py default_host
WASX7209I: Connected to process "server1" on node vm-esfmNode01 using SOAP connector;  The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv var
iable: "[default_host]"
*:9080
*:80
*:9443
*:5060
*:5061
*:443
0
 
HonorGodCommented:
Which shows us the ports associated with the default_host virtual host.  Good.

So, when you access:

https://localhost/contextRoot

you get the 404 page not found?
0
 
ecosysAuthor Commented:
Correct: Page cannot be displayed
0
 
ecosysAuthor Commented:
Application is access through virtual host (not web server), I was using default_host, and therefore application was able to be accessed via port 9443.
0
 
ecosysAuthor Commented:
I would like to distribute half the points to HonorGod for leading me in the right direction.
0
 
HonorGodCommented:
Thanks.  I apologize for not catching the omission  of the port number on the URL.  <sheepish grin>
0
 
ecosysAuthor Commented:
No
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 14
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now