ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/secchttps.htm

75 lines
4.0 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure HTTPS transport for your application server's Web container</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h5><a name="secchttps"></a>Configure HTTPS transport for your application server's Web container</h5>
<p>Perform these steps in the WebSphere administrative console:</p>
<ol>
<li><p>Start the administrative console.</p></li>
<li><p>If you are using the key file that is provided with the product to configure SSL for the Web server plug-in, skip to step <a href="#httpst3">Configure an HTTPS transport</a>.</p>
<p>Perform the following steps to create an SSL repertoire:</p>
<ol type="a">
<li>In the left pane, expand <strong>Security</strong></li>
<li>Click <strong>SSL</strong></li>
<li>In the right hand pane, click <strong>New</strong></li>
<li>Specify the following configuration settings:
<ul>
<li><strong>Alias</strong>: (the name of your SSL repertoire, for example <tt>mySSLSettings</tt>)</li>
<li><strong>Key File Name</strong>: <em>USER_INSTALL_ROOT</em>/etc/appServerKeys.jks, for example /QIBM/UserData/WebASE51/ASE/myInstance/etc/appServerKeys.jks.</li>
<li><strong>Key File Password</strong>: Enter your password</li>
<li><strong>Key File Format</strong>: Select JKS</li>
<li><strong>Trust File Name</strong>: <em>USER_INSTALL_ROOT</em>/etc/appServerKeys.jks
<p><strong>Note</strong>: Typically, you would create a separate trust file for your signer certificates. However, a previous step added the certificate for the CA that signed the plug-in's certificate to appServerKeys.jks, we use appServerKeys.jks here, also.</p></li>
<li><strong>Trust File Password</strong>: Enter your password</li>
<li><strong>Trust File Format</strong>: Select <strong>JKS</strong></li>
<li><strong>Client Authentication</strong>: selected</li>
</ul></li>
<li><p>Click <strong>OK</strong></p></li>
</ol></li>
<li><p><a name="httpst3"></a>Configure an HTTPS transport:</p>
<ol type="a">
<li>In the left pane, expand <strong>Servers</strong></li>
<li>Click <strong>Application Servers</strong></li>
<li>Int the right hand pane, click your application server name</li>
<li>Click the <strong>Configuration</strong> tab</li>
<li>Click <strong>Web Container</strong></li>
<li>Click <strong>HTTP transports</strong></li>
<li>Click <strong>New</strong></li>
<li>Specify the following configuration settings:
<ul>
<li><strong>Host</strong>: *</li>
<li><strong>Port</strong>: Enter the port number to use for your Web container's SSL
port</li>
<li><strong>SSL Enabled</strong>: select <strong>Enable SSL</strong></li>
<li><strong>SSL</strong>: If you are using the key file that is provided with the product to configure SSL for the Web server plug-in, select the DefaultSettings SSL repertoire. Otherwise, select mySSLSettings.</li>
</ul></li>
</ol><p></p></li>
<li><p>Click <strong>OK</strong></p></li>
<li><p>Save your changes.</p></li>
<li><p>Restart your application server.</p></li>
<li><p>Start the administrative console.</p></li>
<li><p>In the left hand pane of the administrative console, expand <strong>Environment</strong> and click <strong>Update Web Server Plugin</strong>.</p></li>
<li><p>Click <strong>OK</strong>.</p></li>
<li><p>If you previously made manual changes to the Web server plugin configuration file (<em>USER_INSTALL_ROOT</em>/config/cell/plugin-cfg.xml), you may need to manually reapply those changes before restarting the Web server.</p></li>
<li><p>Restart the Web server to immediately pick up changes to the Web server plugin configuration file.</p></li>
</ol>
</body>
</html>