Websphere Installation notes
IBM Websphere SSL Installation notes
Setting up the ULC Servlet into IBM Websphere
This section lists a few hints that may help you get started with SSL and IBM Websphere Application Server 3.02. This section is meant purely as additional information and is by no means a guide to installing WebSphere and/or SSL support.
Testing of SSL was done using the built-in support for SSL in the IBM Websphere 3.02 advanced release and on the UIEngine side the Sun JSSE 1.0.2 class libraries were used.
WebSphere Installation Notes
- Install Websphere 3.02 Full Install
- Follow all the install instructions for the WebSphere installation
- Ensure that the admin.conf contains the ServerName directive eg:
- You need at least DB2 6.1 with fixpack 2 (This was the configuration that ULC testing was done with)
- Ensure that you are using IBM JDK 1.1.8 (the docs say 1.1.7a but I could never get it to work without 118)
Note: Ensure the java_home property is set to point to the JDK118
- Note: ensure that the userid used to install websphere has sufficient authority to install a service etc. I found it easier to use a single userid/password for websphere/db2 and the IBM Web server.
- Ensure that the IBM Web server starts and you are able to connect to it from a webbrowser.
- Ensure that ALL the DB2 services are started.
- Install the sample databases and the administration repository databases (see websphere installation notes).
- Start the IBM WS AdminServer service.
- Start the Administrators console from the websphere folder and ensure that you are able to access and configure your websphere application server.
- Test the Websphere server by running the WebSphere sample servlets.
IBM Webserver SSL Installation notes
- Start the IKEYMAN Key Management tool.
- Open an existing or Create a new Key database. (eg: key.kdb)
- Stash the password for the database into a file (eg: key.sth).
- Create a new Self Signed Certificate (eg: Named: RevaSoft).
Note: DO NOT enter values for the ZIP Code field (This field is not understood by the java keytool/keystore and will generate an exception).
- Extract the certificate to a file
- Browse the web server administration pages and create a Virtual Host on your test machine. (Configuration Structure->Create Scope).
Note: Enter the IP address of the test machine. The port should be 443. Give your virtual host a name (eg: test.somename.com) and ensure that this name resolves to the IP address that you just specified. You can do this by adding an entry in your hosts file.
- Go to the Security->Server Security section and enable the SSL Security for this virtual host.
- Go to the Security->Host Authorization and enable the SSL Security for this virtual host.
(Enter the name of the certificate that you created earlier as well and add all the Cipher specifications you want to use.)
- Apply the changes and restart your IBM Web server.
The important lines in the httpd.conf file are: (Your configuration may be different)
Some sample entries in my working WebSphere installation (
LoadModule ibm_ssl_module modules/IBMModuleSSL56.dll
** End of sample entries in the httpd.conf file **
- The IP address defined as the virtualHost responding to HTTPS must have its own hostname alias.
Edit your hosts file and add an entry eg:
- It is also important that the servername matches the Common Name in the certificate that is being used, otherwise an SSL security exception will occur during the SSL HostName verification handshake.
- From the WebSphere Administrators Console go to the Topology page and select the default_host and go to the Advanced page.
In the Aliases section add your Virtual Host Name with the HTTPS port 443.
- Locate the Java Runtime environment you are going to use (eg: \jdk1.3\jre) and import the certificate into your \jdk1.3\jre\lib\security\cacerts keystore using the command:
keytool -keystore c:\jdk1.3\jre\lib\security\cacerts -import -alias revamaa-001
- Edit the \jdk1.3\jre\lib\security\java.security file and add the JSSE Provider classes to the list of security providers as described in the JSSE installation notes.
- Verify that the WebSphere server is responding to https requests by running some of the sample servlets.
- If all the above works you are now ready to setup the ULCServlet.
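The three things the steps above say must agree (the ServerName of the port 443 virtual host, the hosts file alias for its IP address, and the certificate Common Name) can be checked before testing https. The following is an added example, not part of the original notes; the httpd.conf, hosts and certificate values are constructed samples, and the subject DN is assumed to be pasted from the "Owner:" line of keytool -printcert.

```python
import re

# Constructed sample inputs (not taken from the original notes).
HTTPD_CONF = """\
LoadModule ibm_ssl_module modules/IBMModuleSSL56.dll
<VirtualHost 192.0.2.10:443>
ServerName test.somename.com
</VirtualHost>
"""
HOSTS = "127.0.0.1 localhost\n192.0.2.10 test.somename.com  # HTTPS alias\n"
CERT_OWNER = "CN=test.somename.com, OU=Test, O=RevaSoft, C=US"

def https_vhosts(conf):
    """Yield (ip, servername) for each <VirtualHost ip:443> block."""
    pattern = r"<VirtualHost\s+([\d.]+):443>(.*?)</VirtualHost>"
    for ip, body in re.findall(pattern, conf, re.S | re.I):
        m = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        yield ip, m.group(1) if m else None

def hosts_map(hosts):
    """Map each lower-cased hostname in a hosts file to its IP address."""
    table = {}
    for line in hosts.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def common_name(owner):
    """Return the CN from a subject DN (simple split, no escaped commas)."""
    for part in owner.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value.strip()
    return None

def check(conf, hosts, owner):
    """Return the mismatches between vhost, hosts file and certificate CN."""
    problems, names, cn = [], hosts_map(hosts), common_name(owner)
    for ip, server in https_vhosts(conf):
        if server is None:
            problems.append(f"{ip}:443 has no ServerName")
            continue
        if names.get(server.lower()) != ip:
            problems.append(f"{server} does not resolve to {ip} in hosts")
        if cn is None or cn.lower() != server.lower():
            problems.append(f"ServerName {server} != certificate CN {cn}")
    return problems
```

An empty list from check() means the three values agree; each string in a non-empty list names the mismatch to fix before retrying the handshake.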
Setting up the ULCServlet into IBM Websphere
- The ULCServlet is a generic servlet that is used to run all ULC sample applications as servlets.
- From the Administrators Console go to the Topology page and expand the Default Server->servletEngine tree
- Select the servletEngine entry and from your popup menu choose Create a new "Web Application".
- Enter ULC as your web application name and enter /ulc/ as the Web application path. Let the Virtual host be default_host.
- Now select this ULC web application and from the popup menu choose
- Enter UlcServlet as the servlet name and
com.revasoft.ulc.http.UlcServlet as the class name
- Click the Add button to add a Servlet Web Path List and enter
- From the advanced page choose the option Load on Startup: true
- Complete the servlet creation process by clicking the Create button
- Ensure the default server is running and you have followed the steps to install the HTTP Tunnelling code into your ULC release as well as the installation of the JSSE class libraries.
IMPORTANT: ensure that the UlcTransport.properties file used on the Web server side as well as the UIEngine is the updated properties file which contains the entries for the http and https protocol.
- Install the ULC sample applications (eg Dossier) into the ULC web application directory
- From the ULC UIEngine\bin directory execute the following command
run -url http://localhost:80/com.ibm.ulc.examples.Dossier.Dossier
- If the above works you can then test https connectivity
(since 443 is the default port for https)
The Dossier sample should start running and if the ORBMonitor was enabled the connection label should indicate that it is a https connection.
If for any reason the sample does not start running check the IBM WebSphere server error.log as well as the UIEngine console for any exceptions that may have been thrown during the SSL handshaking.