Revasoft Revasoft Banner
HomeOur ExpertiseOur ServicesOUR ProductsAbout UsCareersContactsupport
Print this page  HttpServlet Notes

ULC Http/Https Tunnelling with Servlets

Websphere Installation notes
IBM Websphere SSL Installation notes
Setting up the ULC Servlet into IBM Websphere

This section lists a few hints that may help you get started with SSL and IBM Websphere Application Server 3.02. This section is meant purely as additional information and is by no means a guide to installing WebSphere and/or SSL support.

Testing of SSL was done using the built-in support for SSL in the IBM Websphere 3.02 advanced release and on the UIEngine side the Sun JSSE 1.0.2 class libraries were used.

WebSphere Installation Notes

  1. Install Websphere 3.02 Full Install
  2. Follow all the install instructions for the WebSphere installation
  3. Ensure that the httpd.conf and admin.conf contains the ServerName directive eg:
    		ServerName localhost

  4. You need at least DB2 6.1 with fixpack 2 (This was the configuration that ULC testing was done with)
  5. Ensure that you are using IBM JDK 1.1.8 (the docs say 1.1.7a but I could never get it to work without 118)
    Note: Ensure the java_home property is set to point to the JDK118
  6. Note ensure that the userid used to install websphere has sufficient authority to install a service etc. I found it easier to use a single userid/password for websphere/db2 and the IBM Web server.
  7. Ensure that the IBM Web server starts and you are able to connect to it from a webbrowser.
  8. Ensure that ALL the DB2 services are started.
  9. Install the sample databases and the administration repository databases (see websphere installation notes).
  10. Start the IBM WS AdminServer service.
  11. Start the Admininstrators console from the websphere folder and ensure that you are able to access and configure your websphere application server.
  12. Test the Websphere server by running the WebSphere sample servlets.

top

IBM Webserver SSL Installation notes

  1. Start the IKEYMAN Key Management tool.
  2. Open an existing or Create a new Key database. (eg: key.kdb)
  3. Stash the password for the database into a file (eg: key.sth).
  4. Create a new Self Signed Certificate (eg: Named: RevaSoft).
    Note: DO NOT enter values for the ZIP Code field (This field is not understood by the java keytool/keystore and will generate an exception).
  5. Extract the certificate to a file
  6. Browse the web server administration pages and create a Virtual Host on your test machine. (Configuration Structure->Create Scope).
    Note: Enter the IP address of the test machine. The port should be 443. Give your virtual host a name (eg: test.somename.com) and ensure that this name resolves to the IP address that you just specified. You can do this by adding an entry in your hosts file.
  7. Go to The Security->Server Security section and enable the SSL Security for this virtual host.
  8. Go to The Security->Host Authorization and enable the SSL Security for this virtual host.
    Enter the name of the certificate that you created earlier as well and add all the Cipher specification you want to use)
  9. Apply the changes and restart your IBM Web server.
    The important lines in the httpd.conf file are: (Your configuration may be different)

    Some sample entries in my working WebSphere installation (httpd.conf) file

    #
    ServerName localhost
    #
    LoadModule ibm_app_server_module
    f:/WebSphere/AppServer/bin/mod_ibm_app_server.dll
    LoadModule ibm_ssl_module modules/IBMModuleSSL56.dll
    #
    AfpaEnable
    #
    Listen 443
    #
    Keyfile f:/websphere/ibmhttpserver/key.kdb
    SSLV2Timeout 30
    SSLV3Timeout 30
    VirtualHost 192.168.0.100:443>
    ServerName  revamaa-001.revasoft.com
    ServerPath f:/websphere/ibmhttpserver
    SSLEnable
    SSLClientAuth none
    SSLServerCert RevaSoft
    SSLCipherSpec 22
    SSLCipherSpec 24
    SSLCipherSpec 26
    SSLCipherSpec 30
    SSLCipherSpec 31
    SSLCipherSpec 32
    SSLCipherSpec 33
    SSLCipherSpec 39
    VirtualHost
    ** End of sample entries in the httpd.conf file **
    
  10. The IP address defined as the virtualHost responding to HTTPS must have its own hostname alias.
    Edit your hosts file and add an entry eg:
    192.168.0.100 revamaa-001.revasoft.com
  11. It is also important that the servername matches the Common name in your certificate that is being used otherwise a SSL security exception will occur during the SSL HostName verification handshake.
  12. From the WebSphere Administrators Console go to the Topology page and select the default_host and go to the Advanced page.
    In the Aliases section add your Virtual Host Name with the HTTPS port 443.
    eg:
    revamaa-001.revasoft.com:443 
  13. Locate the Java Runtime environment you are going to use (eg: \jdk1.3\jre) and import the certificate into your \jdk1.3\jre\lib\security\cacerts keystore using the command:
    keytool -keystore c:\jdk1.3\jre\lib\security\cacerts
    -storepass changeit
    -import -alias revamaa-001
    -file c:\MyExtractedCertificate.arm
  14. Edit the \jdk1.3\jre\lib\security\java.security file and add the JSSE Provider classes to the list of security providers as described in the JSSE installation notes.
    eg:
    security.provider.1=sun.security.provider.Sun
    
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
  15. Verify that the WebSphere server is responding to https requests by running some of the sample servlets.
    eg:
    https://revamaa-001.revasoft.com/servlet/hello
  16. If all the above works you are now ready to setup the ULCServlet.

top

Setting up the ULCServlet into IBM Websphere

  1. The ULCServlet is a generic servlet that is used to run all ULC sample applications as servlets.
  2. From the Administrators Console go to The Topology page and expand the Default Server->servletEngine tree
  3. Select the servletEngine entry and from your popup menu choose Create a new "Web Application".
  4. Enter ULC as your web application name and enter /ulc/ as the Web application path let the Virtual host be default_host
  5. Now select this ULC web application and from the popup menu choose "Create Servlet"
  6. Enter UlcServlet as the servlet name and com.revasoft.ulc.http.UlcServlet as the class name
  7. Click the Add button to add a Servlet Web Path List and enter /ulc/servlet/com.revasoft.ulc.http.UlcServlet
  8. From the advanced page choose the option Load on Startup: true
  9. Complete the servlet creation process by clicking the Create button
  10. Ensure the default server is running and you have followed the steps to install the HTTP Tunnelling code into your ULC release as well as the installation of the JSSE class libraries.

    IMPORTANT: ensure that the UlcTransport.properties file used on the Web server side as well as the UIEngine is the updated properties file which contains the entries for the http and https protocol.

  11. Install the ULC sample applications (eg Dossier) into the ULC web application directory
  12. From the ULC UIEngine\bin directory execute the following command
    run -url http://localhost:80/com.ibm.ulc.examples.Dossier.Dossier
  13. If the above works you can then test https connectivity
    eg:
    https://revamaa-001.revasoft.com:443/com.ibm.ulc.examples.Dossier.Dossier
    
    or
    https://revamaa-001.revasoft.com/com.ibm.ulc.examples.Dossier.Dossier
    (since 443 is the default port for https)

The Dossier sample should start running and if the ORBMonitor was enabled the connection label should indicate that it is a https connection.

If for any reason the sample does not start running check the IBM WebSphere server error.log as well as the UIEngine console for any exceptions that may have been thrown during the SSL handshaking.

top

Back to Products Print this page Back to ULC Demo
ULC
Getting Started
Release Notes
Installation
Running the Samples
Concepts
Architecture Overview
Internal Architecture
Using Layout
UI Engine Extensions
Application Controller
Web Integration
Development
Manual Pages
FAQ
Bringing the Advantage of Thin Client Computing to JAVA
The ULC Tour

top of page
Home | Our Expertise | Our Services | Our Products | About Us | Careers | Contact Us | Support
ULC Demo | ULC Tour | ULC R4.0 | Download | FAQ

 © Copyright 2001 Revasoft Private Limited.
 info@revasoft.com