For load balanced implementations, you must configure SSL
between the IBM HTTP Server plug-in
and each node in the cluster.
Before you begin
IBM HTTP Server is installed
and configured for load balancing.
About this task
For each node in the cluster, follow these instructions to
configure the node to communicate over a secure (SSL) channel with
the
IBM HTTP Server.
Procedure
- Log in to the Dashboard Application Services Hub.
- In the navigation pane, click and click Launch Websphere administrative
console.
- Follow these steps to extract signer certificate from the
truststore:
- In the WebSphere Application Server administrative
console navigation pane, click .
- In the Related Items area, click the Key
stores and certificates link and in the table click the NodeDefaultTrustStore link.
- In the Additional Properties area, click the Signer
certificates link and in the table that is displayed,
select the root entry check box.
- Click Extract and in the page
that is displayed, in the File name field,
enter a certificate file name (certficate.arm. For example, c:\tivpc064ha1.arm.
- From the Data Type list, select
the Base64-encoded ASCII data option and click OK.
- Locate the extracted signer certificate and copy it
to the computer that is running the IBM HTTP Server.
- On the computer that is running the IBM HTTP Server, follow these steps to
import the extracted signer certificate into the key database:
- Start the key management utility (iKeyman), if it is
not already running, from HTTP_SERVER_PATH/bin:
- At the command line, enter ./ikeyman.sh
- At the command prompt, enter ikeyman.exe
- Open the CMS key database file that is specified in plugin-cfg.xml. For example, HTTP_SERVER_PATH/plug-ins/etc/plug-in-key.kdb.
- Provide the password (default is WebAS)
for the key database and click OK.
- From the Key database content,
select Signer Certificates.
- Click Add and select the signer
certificate that you copied from the node to the computer that is
running the IBM HTTP Server and click OK.
- Select the Stash password to a file check
box and click OK to save the key database file.
- Repeat these steps for each node in the cluster.
- For the changes to take effect, stop and restart all nodes
in the cluster and also restart the computer that is running the IBM HTTP Server.
- In the JazzSM_WAS_Profile/bin directory,
for a server named server1,
run the following command:
- On Windows
- stopServer.bat server1
- On UNIX
- stopServer.sh server1
Note: You are prompted to provide an administrator
username and password.
- In the JazzSM_WAS_Profile/bin directory,
for a server named server1,
run the following command:
- On Windows
- startServer.bat server1
- On UNIX
- startServer.sh server1
- Restart the IBM HTTP Server. For more information, see Starting and stopping IBM HTTP Server.
What to do next
You can access the load balanced cluster through
https://http_server_hostname/hcl/console(assuming
that the default context root (
/hcl/console) was defined in at
the time of installation.