IHS and WAS Integration and SSL Setup 5

Stack Dump = javax.management.MBeanException: Exception thrown in RequiredModelMBean while trying to invoke operation launchProcess
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1116)
...
Caused by: com.ibm.websphere.management.exception.AdminException: Server, webserver1, not found.
...
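I suddenly remembered that when I did this before, I apparently had to run a script that the IHS installation generates by itself, so I gave it a try. I found configurewebserver1.bat in PLUGIN_HOME\bin, copied it to DM_PROFILE\bin and ran it directly; starting and stopping webserver1 both worked.
Next comes the main work of this experiment:

1. Create the key database

Use ikeyman to generate a CMS key database file. There seem to be other types besides CMS, but I seem to have read in some redbook that IHS can only use CMS. After creating mykey.kdb, issue a certificate for the machine running IHS: creating a new self-signed certificate directly in ikeyman is enough, and the created certificate appears in the personal certificates list. Finally, don't forget to stash the password (Stash the password to a file).
ihs_610.pdf describes this as follows: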
Create a new key database as follows:
1. Start the IKEYMAN user interface. Refer to Starting the Key Management utility for platform-specific instructions.
2. Click key database file from the main user interface, then click New. Select CMS for the Key database type. IBM HTTP Server does not support database types other than CMS.
3. Enter your password in the Password Prompt dialog box, and confirm the password. Select Stash the password to a file. Click OK. The new key database should display in the IKEYMAN utility with default signer certificates. Ensure that there is a functional, non-expiring signer certificate for each of your personal certificates.

Creating a self-signed certificate
It usually takes two to three weeks to get a certificate from a well known certificate authority (CA). While waiting for a certificate to be issued, use IKEYMAN to create a self-signed server certificate to enable SSL sessions between clients and the server. Use this procedure if you act as your own CA for a private Web network. Complete the following steps to create a self-signed certificate:
1. If you have not created the key database, see Creating a new key database for instructions.
2. Start the IKEYMAN user interface.
3. Click Key Database File from the main UI, and then click Open.
4. Enter your key database name in the Open dialog box, or click the key.kdb file, if you use the default. Click OK.
5. In the Password Prompt dialog box, enter your correct password and click OK.
6. Click Personal Certificates in the Key Database content frame, and click the New Self-Signed radio button.
7. Enter the following information in the Password Prompt dialog box:
   - Key label: Enter a descriptive comment to identify the key and certificate in the database.
   - Key size: Choose your level of encryptions from the drop-down menu.
   - Common Name: Enter the fully qualified host name of the Web server as the common name. Example: www.myserver.com.
   - Organization Name: Enter your organization name.
   - Optional: Organization Unit
   - Optional: Locality
   - Optional: State/Province
   - Optional: Zip code
   - Country: Enter a country code. Specify at least two characters. Example: US
   - Certificate request file name, or use the default name.
   - Validity Period
8. Click OK.
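In fact, in a production environment you should create the key database and then import the certificate issued by the CA (such as *.cer). For your own experiments a self-signed one is fine, and it does not affect the configuration or the implementation.

2. Modify http.conf

Below is what I added to http.conf: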
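# SSL config
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Listen 443
# SSL is enabled only inside the port-443 virtual host (the *:443 address is assumed)
<VirtualHost *:443>
SSLEnable
</VirtualHost>
# SSL stays off for the main server and every other host
SSLDisable
KeyFile "C:/IBM/HTTPServer/bin/mykey.kdb"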
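At first I saw on the IBM China forum that in an NT environment you load an XXX.dll, but when I opened IHS_HOME\modules I saw a whole pile of .so files, and the original http.conf also loads quite a few .so files, so what the redbook says should be right. I saved the changes and restarted IHS, and everything was OK.

Now to verify, using snoop. Opening http://…:9080/snoop displays normally. Then I tried http://…/snoop and waited a long time, but nothing came up.

Time for troubleshooting. Clearly the request was not being forwarded to WAS by the plugin, so I regenerated the plugin to see. In the DM console I found "Update global Web server plug-in configuration" under Environment. After the update, the file that WebSpherePluginConfig in the original http.conf points to had not been updated. Was the plugin location wrong? I changed it to DM_HOME\config\cells\plugin-cfg.xml, and this time IHS read the new plugin, but I kept feeling that the "global" in "Update global Web server plug-in configuration" was not quite right. After fiddling for a long time without finding the right place, I realized that updating the plugin for webserver1 should be done under "Servers - Web servers". This time it should be right, so I tried again.

Still the same. I suddenly remembered that in another experiment I did earlier, I had added a listener on port 80 to server1, so I went and changed IHS to 81. I modified two lines:

Listen 0.0.0.0:81
ServerName szd610-286.boshi.com.cn:81

The strange thing is that while IHS was occupying 80, server1 did not report an error at startup either. After restarting webserver1 and server1, ports 80 and 81 both came up normally, http://…:81/snoop and http://…/snoop were accessible, and accessing https://…/snoop produced two security alerts; after confirming them I finally saw snoop.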

IHS Virtual Host SSL Configuration

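Because the classic WebSphere pattern separates static pages and images from dynamic pages, virtual host configuration problems come up often.

Ordinary virtual host configuration is the same as Apache virtual host configuration: you only need to configure the VirtualHost tags. But what do you do when two virtual hosts both need SSL communication?

The configuration is given below.

It is actually not as complicated as people think: you only need to configure one port-443 virtual host for the domain name of each virtual host.

1. Generate the key with ikeyman

2. Add the following to httpd.conf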

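# Plain HTTP: one name-based virtual host per domain
NameVirtualHost 10.4.33.1:80
<VirtualHost 10.4.33.1:80>
DocumentRoot path1
ServerName domain1.cn
</VirtualHost>
<VirtualHost 10.4.33.1:80>
DocumentRoot path2
ServerName domain2.cn
</VirtualHost>

# HTTPS: a matching port-443 virtual host per domain, each with SSLEnable
Listen 443
NameVirtualHost 10.4.33.51:443
<VirtualHost 10.4.33.51:443>
DocumentRoot path1
ServerName domain1.cn
SSLEnable
</VirtualHost>
<VirtualHost 10.4.33.51:443>
DocumentRoot path2
ServerName domain2.cn
SSLEnable
</VirtualHost>

# SSL stays off outside the 443 hosts; one key database serves both
SSLDisable
KeyFile "/opt/IBMIHS/bin/key.kdb"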
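
The following check is an added example, not part of the original post: it parses httpd.conf text and reports the mistakes this setup is prone to, namely SSLEnable left outside any <VirtualHost> container, a port-443 host without SSLEnable, and typographic quotes around the KeyFile path. The audit function and the SAMPLE text are hypothetical and constructed for illustration.

```python
import re

# Constructed sample: this page's two-domain layout with two defects injected
# (typographic quotes around the KeyFile path, no SSLEnable for domain2.cn).
SAMPLE = """\
Listen 443
NameVirtualHost 10.4.33.51:443
<VirtualHost 10.4.33.51:443>
ServerName domain1.cn
SSLEnable
</VirtualHost>
<VirtualHost 10.4.33.51:443>
ServerName domain2.cn
</VirtualHost>
SSLDisable
KeyFile \u201c/opt/IBMIHS/bin/key.kdb\u201d
"""

def audit(conf, ssl_port="443"):
    """Return findings for httpd.conf text (audit() is a hypothetical helper)."""
    findings, vhosts, cur, keyfile = [], [], None, False
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:  # entering a container: remember its address
            cur = {"addr": opened.group(1).strip(), "name": "?", "ssl": False}
            vhosts.append(cur)
        elif line.lower() == "</virtualhost>":
            cur = None
        else:
            key, _, arg = line.replace("\t", " ").partition(" ")
            key, arg = key.lower(), arg.strip()
            if key == "servername" and cur:
                cur["name"] = arg
            elif key == "sslenable" and cur:
                cur["ssl"] = True
            elif key == "sslenable":  # the state a tag-stripped config is left in
                findings.append("SSLEnable outside <VirtualHost>")
            elif key == "keyfile":
                keyfile = True
                if arg.startswith(("\u201c", "\u201d")):
                    findings.append("KeyFile path uses typographic quotes")
    for v in vhosts:  # every host bound to the SSL port must enable SSL itself
        if v["addr"].rsplit(":", 1)[-1] == ssl_port and not v["ssl"]:
            findings.append(f"{v['name']}: port {ssl_port} host without SSLEnable")
    if any(v["ssl"] for v in vhosts) and not keyfile:
        findings.append("SSLEnable set but no KeyFile directive")
    return findings
```

Calling audit(SAMPLE) returns one finding for the KeyFile quotes and one for domain2.cn; a host on 443 without SSLEnable would answer in plain HTTP on that port.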
