IHS and WAS integration and SSL setup, part 3

Context Path: (empty)
User Principal: admin

Via IHS: the IHS port is mapped to the WAS port, so the application is accessed indirectly.

Snoop Servlet – Request/Client Information

Requested URL: https://localhost/snoop
Servlet Name: Snoop Servlet

Request Information:

Request method: GET
Request URI: /snoop
Request protocol: HTTP/1.1
Servlet path: /snoop
Path info: (empty)
Path translated: (empty)
Character encoding: (empty)
Query string: (empty)
Content length: (empty)
Content type: (empty)
Server name: bvt-was85-rhel63-x64.test.local
Server port: 443
Remote user: admin
Remote address: 9.78.173.21
Remote host: 9.78.173.21
Remote port: 33764
Local address: 9.181.116.201
Local host: bvt-was85-rhel63-x64.test.local
Local port: 9443
Authorization scheme: BASIC
Preferred Client Locale: en_US
All Client Locales: en_US
All Client Locales: en
All Client Locales: zh_CN
All Client Locales: zh
Context Path: (empty)
User Principal: admin

 

—————————————

IHS one-way and two-way SSL configuration

http://wenku.baidu.com/link?url=uEY1Ed5qMRQDKoyromVLZSg9jKETFkfpYt74YW4xuFoMNbzXVSmK-gNmydAycsqozX8_LmkmjmR0-GZdGj39ZN0-9dn7-vzyNpAVAouYYdy


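One-way trust between IHS and WAS: create only a self-signed certificate in the keyfile (under Personal Certificates).

httpd.conf:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Listen 443
# <VirtualHost> address *:443 is assumed; use the address IHS listens on
<VirtualHost *:443>
SSLEnable
ErrorLog logs/error_log
SSLClientAuth none
</VirtualHost>

SSLDisable
Keyfile "C:/Program Files/IBM/HTTPServer/ssl/key.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000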

Two-way trust between IHS and WAS:

Download the .cer file from the trusted site and import it into the keyfile as a signer certificate.

Also change httpd.conf:

SSLClientAuth required

——————————————————————-

Steps for generating key.kdb with ikeyman

http://wenku.baidu.com/link?url=ALRN1hXSu-ribq-inPRhy9bxzgPFyTJXyMjh4Rvo__QyrWZzaON81AYoLmFf0AQX7dbQuwJv02aJH1SgYLZQWdxMQ8BGSQkMtKMu8JxULz_

——————————————————

Lotus Connections installation and configuration steps document

http://www.docin.com/p-74919312.html

A fairly complete step-by-step guide covering IHS-WAS SSL integration; its subject is deploying Lotus Connections.

http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+3.0.1+documentation#action=openDocument&res_title=Configuring_IBM_HTTP_Server_for_SSL_ic301&content=pdcontent

 

——————————————————

IHS Plugin default plugin-key.kdb: analysis and resolution of key certificate password expiry

http://www.java2class.net/bbs/viewthread.php?tid=224

A very good support document.

——————————————————

http://bbs.csdn.net/topics/280075349

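Configuring HTTPS on IHS

I. Installation
1. Install WebSphere Deployment Network
2. Install IBM HTTP Server
3. Install IBM HTTP Server Plugins

II. Configure the Web Server
1. Use the DM console to configure the Web Server, generate the plug-in, and propagate the plug-in.
2. Confirm that the last few lines of httpd.conf, in the conf directory under the IBM HTTP Server installation directory, contain the following two directives:
LoadModule was_ap20_module /usr/IBM/HTTPServer/Plugins/bin/64bits/mod_was_ap20_http.sl
WebSpherePluginConfig /usr/IBM/HTTPServer/Plugins/config/webserver1/plugin-cfg.xml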

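III. Configure SSL
1. Use ikeyman to generate a self-signed certificate.

2. Configure the SSL settings.
Add the following to httpd.conf in the conf directory under the IBM HTTP Server installation directory, adjusting the paths as needed.
# SSL Config Begin
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Listen 443
# <VirtualHost> address *:443 is assumed; use the address IHS listens on
<VirtualHost *:443>
  SSLEnable
</VirtualHost>

SSLDisable
KeyFile "/usr/IBM/SSLkeys/WebServerKeys.kdb"
# SSL Config End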

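IV. Start IBM HTTP Server
Change to the bin directory under the IBM HTTP Server installation directory.
Run ./apachectl start

V. Access
SSL:http://<address>:8888/
SSL:https://<address>/

Note:
When deploying the application, make sure it is deployed to both the Application Server and the IHS Web Server.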

——————————————————

http://www-01.ibm.com/support/docview.wss?uid=swg21264477

GSK_ERROR_BAD_CERT error configuring SSL between Plug-in and WebSphere Application Server V6.1

Technote (troubleshooting)

 

Problem (Abstract)

When an HTTPS request is sent to an IBM WebSphere Application Server V6.1 server, from a web server, the web server plug-in log shows the error:

ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)

Cause

WebSphere Application Server V6.1 has brand-new SSL management functions which need to be clearly understood to come to a proper configuration and a complete resolution. Although there are technotes for earlier Application Server versions related to this problem, there is no comprehensive document that describes the nature of this problem and how to make a valid SSL configuration between plug-in and WebSphere Application Server V6.1, Network Deployment (ND) and Stand Alone, to solve this problem.

First look at the signs about the nature of the problem in the plug-in side:

If trace is enabled for the web server plug-in, these lines are logged in the http_plugin.log file when a HTTPS request is tried:

 

DETAIL: ws_common: websphereFindTransport: Setting the transport(case 1): servis2 on port 9443
TRACE: ws_common: websphereExecute: Executing the transaction with the app server
DEBUG: ws_common: websphereGetStream: Getting the stream to the app server
TRACE: ws_transport: transportStreamDequeue: Checking for existing stream from the queue
DEBUG: ws_common: websphereGetStream: socket 16 connected to servis2:9443
DEBUG: lib_stream: openStream: Opening the stream
DEBUG: lib_stream: openStream: Stream is SSL
ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)
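
The ERROR line in the trace above does not name the backend, so triage means tying it to the preceding "connected to host:port" line. The following Python code is an added example (not from the technote or the original post) that does this correlation over the excerpt. The servis3:9080 lines and all function names are constructed for illustration, and it assumes the lines of one request are contiguous, as they are in the excerpt.

```python
import re
from collections import Counter

# Prefix-less log lines as shown on this page; the last two lines are
# constructed to add a second transport that does not fail.
SAMPLE_LOG = """\
DETAIL: ws_common: websphereFindTransport: Setting the transport(case 1): servis2 on port 9443
DEBUG: ws_common: websphereGetStream: socket 16 connected to servis2:9443
DEBUG: lib_stream: openStream: Opening the stream
DEBUG: lib_stream: openStream: Stream is SSL
ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)
DEBUG: ws_common: websphereGetStream: socket 17 connected to servis3:9080
DEBUG: lib_stream: openStream: Opening the stream
"""

CONNECTED = re.compile(r"websphereGetStream: socket \d+ connected to (\S+):(\d+)")
GSK_FAIL = re.compile(r"Failed in r_gsk_secure_soc_init: (GSK_\w+)\(gsk rc = (\d+)\)")

def failed_handshakes(log_text):
    """Return (host, port, gsk_name, gsk_rc) for each failed SSL init.

    Assumption: one request's lines are contiguous, so a failure is
    attributed to the most recent 'connected to host:port' line.
    """
    current = None
    failures = []
    for line in log_text.splitlines():
        m = CONNECTED.search(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            continue
        m = GSK_FAIL.search(line)
        if m:
            host, port = current if current else ("unknown", 0)
            failures.append((host, port, m.group(1), int(m.group(2))))
            current = None  # at most one failure per connection
    return failures

def summarize(failures):
    """Count failures per backend transport and GSKit error name."""
    return Counter((h, p, name) for h, p, name, _ in failures)

if __name__ == "__main__":
    for (host, port, name), n in summarize(failed_handshakes(SAMPLE_LOG)).items():
        print(f"{host}:{port} {name} x{n}")
```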
