Setting Up SSL for WebSphere Application Server

SSL needs to be set up to access the application through a browser over the HTTPS protocol.

Procedure

  1. Enable Transport Chains
    1. In the left panel, expand Servers > Server Types and click WebSphere application servers. The Application servers panel is displayed on the right.
    2. Under Preferences, click servername. For example, server1. The Configuration tab is displayed.
    3. Under Container Settings, expand Web Container Settings and click the Web container transport chains link. The following screen displays the various ports on your server and also provides information on whether SSL is enabled. If SSL is not enabled, you can enable it.

    4. Click New. The Create New Transport Chain window displays Select a transport chain template page.
    • In the Transport chain name field, enter transport chain name. For example, MDMTransportChain2.
    • In the Transport chain template drop-down list, select WebContainer (templates/chains|webcontainer-chains.xml#Chain_1)
For SSL, select WebContainer-Secure(templates/chains|webcontainer-chains.xml#Chain_2).
    1. Click Next. The Create New Transport Chain window displays Select a port page.
    • In the Port name field, enter the port name. For example, MDMTransportChain2.
    • In the Host field, enter the host. For example, *.
    • In the Port field, enter the port number. For example, 9082. Use any unused port number.
    1. Click Next. The Create New Transport Chain window displays Confirm new transport chain creation page.
    2. Under Summary of Actions, a summary of the selections is displayed. Review the information.
    3. Click Finish. The SSL Enabled column for the newly created TransportChain displays Enabled for the specified port and a message is displayed with the Save and Review options.
    4. Click the Save link to save changes to the master configuration.
  2. Specify Host Configuration
    1. In the left panel, expand Environment and click Virtual Hosts. The Virtual Hosts panel is displayed on the right.
    2. Under Preferences, click the virtual host link where ECM is installed. For example, default_host. The Configuration tab is displayed.
    3. Under Additional Properties, click the Host Aliases link.
    4. Under Preferences, click New.
    5. Under General Properties,
    • In the Host Name field, enter *.
    • In the Port field, enter 9082 as port number or any other unused port number.
    1. Click OK. A message is displayed with the Save and Review options.
    2. Click the Save link to save changes to the master configuration.
    3. Restart the server. Browse the application using the https protocol over the listening port.
  3. Certificates (only applies if using GDSN software edition)
    To communicate with 1SYNC securely, you may need to download their certificates and insert them into your trusted certificate store if they are not present already.
    1. Open Internet Explorer and type the secure URL of the server. For example, https://item.preprod.1worldsync.com.
    2. If your computer does not have the certificates in its keystore, a security alert is displayed. This alert warns you that the certificate is not verified and allows you to view the certificate. Click View Certificate to view the certificate. The Certificate window is displayed.
    3. Click on the Certification Path tab. Each certificate listed must be copied to a file.
      • Select the Details tab.
      • Click Copy to File. The Certificate Export Wizard opens and guides you through the steps for copying certificates, certificate trust lists, and certification revocation lists from a certification store to your disk.
      • Choose the Base-64 encoded X.509 (.CER) format and click Next.
      • Provide a filename and click Next.
      • Click Finish. The certificate is exported to the file.
    4. Import the certificates into the trusted certificate store of the Java virtual machine. The default Java virtual machine is located at <Websphere install location>/AppServer/java, and the corresponding trusted certificate store is at <websphere install location>/AppServer/java/jre/lib/security/cacaerts.
    5. Use the keytool utility in jre/bin/keytool to insert all the certificates. For example:
      $keytool -import -alias 1sync -file ./1sync.cer -keystore ../lib/security/cacerts -trustcacerts

      The standard password for the cacerts store is changeit. After you confirm that you trust the certificate, the following message is displayed:

      Certificate was added to keystore.
    6. Repeat this procedure for all certificates.