This topic documents the configuration that is necessary to instantiate a secure
connection between the web server plug-in and the internal HTTP transport in the web container for
the Application Server.
Before you begin
WebSphere® Application Server has an internal HTTP transport that accepts HTTP requests. If you
install an external HTTP server, the web server plug-in must forward requests from the external HTTP
server to the Application Server internal HTTP transport. Follow the instructions that are provided
by your HTTP vendor to install and configure your HTTP server. Test your HTTP server by accessing
http://your-host-URL and https://your-host-URL. You should also have a web server plug-in installed.
See the instructions for installing the HTTP Server and the web server plug-ins. They also describe
how to enable the plug-in to load the correct libraries for Secure Sockets Layer (SSL) on Solaris
x64.
Procedure
- Create a directory on the web server host for storing the key ring file that is
referenced by the plug-in and associated files, for example:
plugin_install_root/etc/keys.
- From the administrative console, click Servers > Web servers.
- Select the web server name.
- Click Plug-in properties.
- Click Manage keys and certificates to access configuration options for your keys
and certificates. By default, you can change the password that is used to protect the
keystore.
- Click OK.
- Click Copy to web server keystore directory to copy the keystore and stash
files to a managed web server. For non-managed web servers, use FTP to copy them.
Avoid trouble: You must copy the keystore file to the web server for
the web server to function properly.
- Optional: Under Additional Properties, you can also select one of the
following:
  - Signer certificates - Use to add new certificates, delete certificates, extract
  certificates, and to retrieve certificates from a port.
  - Personal certificates - Use to create a new chained or self-signed certificate,
  delete a certificate, or to import and export a personal certificate.
  - Personal certificate requests - Use to manage personal certificate requests.
  - Custom properties - Use to define custom properties for the keystore.
- Manually stash the password for the plugin-key.kdb file.
If the password is not manually stashed, then the following error appears in the
http_plugin.log file:
ERROR: lib_security: logSSLError: str_security (gsk error 201):
Object containing the password for the certificate store file not found.
The default path of the plugin-key.kdb file is
<profile_root>/config/<webserver_definition_name>/plugin-key.kdb. The web
server must be restarted after stashing the password. For more information on stashing the
password, see: Recreating the .kdb keystore internal password record.
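The following shell function is an added example, not IBM code, that checks the outcome of the copy and stash steps on the web server host. It assumes the stash file sits beside the keystore with the same base name and an .sth extension; the function name, the return codes and the rule that "other" gets no access to either file are choices of this example.

```shell
#!/bin/sh
# Added example (not IBM code): preflight check for the plug-in keystore.
# Usage: check_plugin_keystore /path/to/plugin-key.kdb [/path/to/http_plugin.log]
# Returns 0 = ok, 1 = keystore missing, 2 = stash file missing,
#         3 = file accessible to "other", 4 = gsk error 201 in recent log lines.
check_plugin_keystore() {
    kdb=$1
    log=${2:-}
    # Assumption: the stash file sits beside the keystore as <name>.sth.
    sth="${kdb%.kdb}.sth"

    [ -f "$kdb" ] || { echo "keystore not found: $kdb" >&2; return 1; }
    [ -f "$sth" ] || { echo "password not stashed, missing: $sth" >&2; return 2; }

    # The stash file lets a process open the keystore without a prompt, so a
    # user who can read both files can do the same. Policy of this example:
    # no permissions for "other" (characters 8-10 of the ls mode string).
    for f in "$kdb" "$sth"; do
        other=$(ls -ld "$f" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "too permissive ($other for other): $f" >&2
            return 3
        fi
    done

    # Old entries stay in the log after a fix, so look only at the tail.
    if [ -n "$log" ] && [ -f "$log" ]; then
        if tail -n 200 "$log" | grep -q 'gsk error 201'; then
            echo "gsk error 201 logged in $log; stash the password and restart" >&2
            return 4
        fi
    fi
    return 0
}

# Run the check when the script is called with arguments.
if [ $# -gt 0 ]; then
    check_plugin_keystore "$@"
fi
```

A return code of 4 after the password has been stashed usually means the web server has not been restarted yet or the log tail still holds entries from before the fix.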
Results
The IBM HTTP Server plug-in and the internal Web server are configured for SSL.