Context Path |
|
User Principal |
admin |
ihs端口影射到was端口,间接接访问应用
Snoop Servlet – Request/Client Information
Requested URL:
https://localhost/snoop |
Servlet Name:
Snoop Servlet |
Request Information:
Request method |
GET |
Request URI |
/snoop |
Request protocol |
HTTP/1.1 |
Servlet path |
/snoop |
Path info |
|
Path translated |
|
Character encoding |
|
Query string |
|
Content length |
|
Content type |
|
Server name |
bvt-was85-rhel63-x64.test.local |
Server port |
443 |
Remote user |
admin |
Remote address |
9.78.173.21 |
Remote host |
9.78.173.21 |
Remote port |
33764 |
Local address |
9.181.116.201 |
Local host |
bvt-was85-rhel63-x64.test.local |
Local port |
9443 |
Authorization scheme |
BASIC |
Preferred Client Locale |
en_US |
All Client Locales |
en_US |
All Client Locales |
en |
All Client Locales |
zh_CN |
All Client Locales |
zh |
Context Path |
|
User Principal |
admin |
—————————————
IHS单双向SSL配置
http://wenku.baidu.com/link?url=uEY1Ed5qMRQDKoyromVLZSg9jKETFkfpYt74YW4xuFoMNbzXVSmK-gNmydAycsqozX8_LmkmjmR0-GZdGj39ZN0-9dn7-vzyNpAVAouYYdy
HIS与WAS间的单向信任:只在keyfile中建立自签名证书(个人证书下面的)
httpd.conf
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLEnable
ErrorLog logs/error_log
SSLClientAuth none
SSLDisable
Keyfile “C:/Program Files/IBM/HTTPServer/ssl/key.kdb”
SSLV2Timeout 100
SSLV3Timeout 1000
HIS与WAS间的双向信任:
从信任网站网站下载.cer文件,在keyfile中导入签署人证书
另外改httpd.conf
SSLClientAuth required
——————————————————————-
key.kdb生成步骤-ikeyman
http://wenku.baidu.com/link?url=ALRN1hXSu-ribq-inPRhy9bxzgPFyTJXyMjh4Rvo__QyrWZzaON81AYoLmFf0AQX7dbQuwJv02aJH1SgYLZQWdxMQ8BGSQkMtKMu8JxULz_
——————————————————
Lotus Connections安装配置步骤文档
http://www.docin.com/p-74919312.html
相当完整的一个涉及ihs-was的ssl集成的stepbystep,主题是Lotus connections的部署
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+3.0.1+documentation#action=openDocument&res_title=Configuring_IBM_HTTP_Server_for_SSL_ic301&content=pdcontent
——————————————————
IHS Plugin默认plugin-key.kdb 密钥证书密码过期分析与解决
http://www.java2class.net/bbs/viewthread.php?tid=224
非常好的support文档
——————————————————
http://bbs.csdn.net/topics/280075349
配置IHS的HTTPS
一、安装
1、安装WebSphere Deployment Network
2、安装IBM HTTP Server
3、安装IBM HTTP Server Plugins
二、配置Web Server
1、通过DM的控制台配置Web Server,生成插件,并传播插件
2、确认在IBM HTTP Server安装目录的conf目录下的httpd.conf的最后几行是否增加了如下两个配置
LoadModule was_ap20_module /usr/IBM/HTTPServer/Plugins/bin/64bits/mod_was_ap20_http.sl
WebSpherePluginConfig /usr/IBM/HTTPServer/Plugins/config/webserver1/plugin-cfg.xml
三、配置SSL
1、利用ikeyman生成自带签名的证书,
2、配置SSL信息
在IBM HTTP Server安装目录的conf目录下的httpd.conf增加如下内容,路径注意相应进行修改即可。
# SSL Config Begin
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLEnable
SSLDisable
KeyFile “/usr/IBM/SSLkeys/WebServerKeys.kdb”
# SSL Config End
四、启动IBM HTTP Server
进入IBM HTTP Server安装目录的bin目录
运行 ./apachectl start
五、访问
无SSL:http://地址:8888/
有SSL:https://地址/
注意:
部署应用时,注意需要将应用部署到Application Server及IHS的Web Server上,即可。
——————————————————
http://www-01.ibm.com/support/docview.wss?uid=swg21264477
GSK_ERROR_BAD_CERT error configuring SSL between Plug-in and WebSphere Application Server V6.1
Technote (troubleshooting)
Problem(Abstract)
When an HTTPS request is sent to a IBM WebSphere Application Server V6.1 server, from a web server, the web server plug-in log shows the error:
ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)
Cause
WebSphere Application Server V6.1 has brand-new SSL management functions which need to be clearly understood to come to a proper configuration and a complete resolution. Although there are technotes for earlier Application Server versions related to this problem, there is no comprehensive document that describes the nature of this problem and how to make a valid SSL configuration between plug-in and WebSphere Application Server V6.1, Network Deployment (ND) and Stand Alone, to solve this problem.
First look at the signs about the nature of the problem in the plug-in side:
If trace is enabled for the web server plug-in, these lines are logged in the http_plugin.log file when a HTTPS request is tried:
DETAIL: ws_common: websphereFindTransport: Setting the transport(case 1): servis2 on port 9443 |
以下文章点击率最高
Loading…