IHS和WAS集成以及SSL設置3

ihs端口影射到was端口，間接接訪問應用

Snoop Servlet – Request/Client Information

Requested URL:

 

Servlet Name:

 

Request Information:

 

—————————————

IHS單雙向SSL配置

http://wenku.baidu.com/link?url=uEY1Ed5qMRQDKoyromVLZSg9jKETFkfpYt74YW4xuFoMNbzXVSmK-gNmydAycsqozX8_LmkmjmR0-GZdGj39ZN0-9dn7-vzyNpAVAouYYdy

HIS與WAS間的單向信任:只在keyfile中建立自簽名證書（個人證書下面的）

httpd.conf
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Listen 443

SSLEnable
ErrorLog logs/error_log
SSLClientAuth none

SSLDisable
Keyfile “C:/Program Files/IBM/HTTPServer/ssl/key.kdb”
SSLV2Timeout 100
SSLV3Timeout 1000

HIS與WAS間的雙向信任:

從信任網站網站下載.cer文件，在keyfile中導入簽署人證書

另外改httpd.conf

SSLClientAuth required

——————————————————————-

key.kdb生成步驟-ikeyman

http://wenku.baidu.com/link?url=ALRN1hXSu-ribq-inPRhy9bxzgPFyTJXyMjh4Rvo__QyrWZzaON81AYoLmFf0AQX7dbQuwJv02aJH1SgYLZQWdxMQ8BGSQkMtKMu8JxULz_

——————————————————

Lotus Connections安裝配置步驟文檔

http://www.docin.com/p-74919312.html

相當完整的一個涉及ihs-was的ssl集成的stepbystep，主題是Lotus connections的部署

http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+3.0.1+documentation#action=openDocument&res_title=Configuring_IBM_HTTP_Server_for_SSL_ic301&content=pdcontent

 

——————————————————

IHS Plugin默認plugin-key.kdb 密鑰證書密碼過期分析與解決

http://www.java2class.net/bbs/viewthread.php?tid=224

非常好的support文檔

——————————————————

http://bbs.csdn.net/topics/280075349

配置IHS的HTTPS
一、安裝
1、安裝WebSphere Deployment Network
2、安裝IBM HTTP Server
3、安裝IBM HTTP Server Plugins

二、配置Web Server
1、通過DM的控制台配置Web Server，生成插件，並傳播插件
2、確認在IBM HTTP Server安裝目錄的conf目錄下的httpd.conf的最後幾行是否增加了如下兩個配置
LoadModule was_ap20_module /usr/IBM/HTTPServer/Plugins/bin/64bits/mod_was_ap20_http.sl
WebSpherePluginConfig /usr/IBM/HTTPServer/Plugins/config/webserver1/plugin-cfg.xml

三、配置SSL
1、利用ikeyman生成自帶簽名的證書，

2、配置SSL信息
在IBM HTTP Server安裝目錄的conf目錄下的httpd.conf增加如下內容，路徑注意相應進行修改即可。
# SSL Config Begin
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

 Listen 443
 
  SSLEnable
 

SSLDisable
KeyFile “/usr/IBM/SSLkeys/WebServerKeys.kdb”
# SSL Config End

四、啟動IBM HTTP Server
進入IBM HTTP Server安裝目錄的bin目錄
運行 ./apachectl start

五、訪問
無SSL:http://地址:8888/
有SSL:https://地址/

注意:
部署應用時，注意需要將應用部署到Application Server及IHS的Web Server上，即可。

——————————————————

http://www-01.ibm.com/support/docview.wss?uid=swg21264477

GSK_ERROR_BAD_CERT error configuring SSL between Plug-in and WebSphere Application Server V6.1

Technote (troubleshooting)

 

Problem(Abstract)

When an HTTPS request is sent to a IBM WebSphere Application Server V6.1 server, from a web server, the web server plug-in log shows the error:

ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)

Cause

WebSphere Application Server V6.1 has brand-new SSL management functions which need to be clearly understood to come to a proper configuration and a complete resolution. Although there are technotes for earlier Application Server versions related to this problem, there is no comprehensive document that describes the nature of this problem and how to make a valid SSL configuration between plug-in and WebSphere Application Server V6.1, Network Deployment (ND) and Stand Alone, to solve this problem.

First look at the signs about the nature of the problem in the plug-in side:

If trace is enabled for the web server plug-in, these lines are logged in the http_plugin.log file when a HTTPS request is tried:

 

以下文章點擊率最高