|
Home > Archive > WebSphere HTTP Server > May 2004 > Simple question regarding WAS 5.0 and SSL
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Simple question regarding WAS 5.0 and SSL
|
|
|
| Hello,
I am a software engineer with very limited knowledge of WAS. Just for
background, we are running WAS 5.0 on a Win2000 machine, and our final
product is a Java Applet/Servlet. I have been tasked with setting up
SSL on one of the sites hosted on our WAS. Not only do I know very
little about WAS, I know less about SSL. I have been reading up on
both subjects and seem to have learned a great deal, but apparantly
not enough.
What I did was this, I used the IKEYMAN tool to create a certificate
request. I send the request to our CA, and I received the the final
certificate. I then went into WAS's management section, clicked on
the SSL link, entered the information as requested, clicked save, and
as you have probably guessed, SSL still didn't work (i tried both
HTTPS://localhost/site/page.html and
HTTP://localhost:443/site/page.html). It seems a bit odd to me to go
this route primarily because at no point did WAS ask me which URL I
wish to bind this certificate too (our WAS hosts numerous sites).
Now, as I stated earlier, I have very limite knowledge of this
subject. I am a software developer, and rarely have to configure
Application Servers. I tried finding good reference material on the
subject, but most of the material I find involve IBM HTTP server,
which is probably what is driving this, but their instructions are no
good to me because they almost always start with "Start IBM's HTTP
Server Manager" ... which doesn't exist on my machine. Are there easy
to follow instructions out there somewhere on how to just set up SSL
on WAS from the beginning? It doesn't seem like such a complicated
thing, however it is giving me an extremely difficult time. Any help
at all would be greatly appreciated.
Thanks in advance
Dan
| |
| Stefan T 2004-05-05, 9:33 am |
| Dan,
The definite source for those questions would bethe IBM redbook dealing with
WAS 5.0 Security. Find it here:
"http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/SG246573.html
?Open"
You should read chapter 10.10 (maybe 10.11, 10.12) of the security redbooks
thoroughly, which is the best description available I found so far.
Usually you install WAS5.0 in conjunction with IBM HTTP Server (IHS, kind of
Apache). A common setup is that IHS is configured for SSL (using a virtual
host directive in httpd.conf) and routes the requests to WAS 5.0. In this
case you need to create your certificate request using the IHS ikeyman tool
(find it in the bin dir). If you further want to have the connections from
IHS to WAS secured you would need to setup WAS for SSL as you described. A
common pitfall is that the port 443 is not added as Host Alias to the
virtual host settings for the "default_host" of WAS 5.0 (You find those
settings in WAS adminconsole under "environment".
Hope that gives you a starting point.
Cheers
Stefan
"Dan" <zhanngol@yahoo.com> wrote in message
news:75c66504.0405050450.5de2b68d@posting.google.com...
> Hello,
>
> I am a software engineer with very limited knowledge of WAS. Just for
> background, we are running WAS 5.0 on a Win2000 machine, and our final
> product is a Java Applet/Servlet. I have been tasked with setting up
> SSL on one of the sites hosted on our WAS. Not only do I know very
> little about WAS, I know less about SSL. I have been reading up on
> both subjects and seem to have learned a great deal, but apparantly
> not enough.
>
> What I did was this, I used the IKEYMAN tool to create a certificate
> request. I send the request to our CA, and I received the the final
> certificate. I then went into WAS's management section, clicked on
> the SSL link, entered the information as requested, clicked save, and
> as you have probably guessed, SSL still didn't work (i tried both
> HTTPS://localhost/site/page.html and
> HTTP://localhost:443/site/page.html). It seems a bit odd to me to go
> this route primarily because at no point did WAS ask me which URL I
> wish to bind this certificate too (our WAS hosts numerous sites).
>
> Now, as I stated earlier, I have very limite knowledge of this
> subject. I am a software developer, and rarely have to configure
> Application Servers. I tried finding good reference material on the
> subject, but most of the material I find involve IBM HTTP server,
> which is probably what is driving this, but their instructions are no
> good to me because they almost always start with "Start IBM's HTTP
> Server Manager" ... which doesn't exist on my machine. Are there easy
> to follow instructions out there somewhere on how to just set up SSL
> on WAS from the beginning? It doesn't seem like such a complicated
> thing, however it is giving me an extremely difficult time. Any help
> at all would be greatly appreciated.
>
> Thanks in advance
> Dan
|
|
|
|
|