Autonomic computing tip: So you want SSL security on ISC

Document options Document options requiring JavaScript are not displayed Discuss Rate this page Help us improve this content

Level: Intermediate

Kane Scarlett (kane@us.ibm.com), developerWorks Editor, IBM　
Bimal Shah (bimal@us.ibm.com), Advisory Software Engineer, IBM
Aya Zaghloul (ayazag@us.ibm.com), Software Engineer, IBM

31 Jul 2007

Secure Sockets Layer (SSL) provides encryption, certificate-based authentication, and security negotiations, allowing you to bring data security over open communications channels to your Integrated Solutions Console (ISC). This is a quick checklist of step-by-step instructions on enabling SSL certificates on your ISC versions 5.1 and 6.0.1.

Let's say you want to enable either a

• Dummy Certificate (a certificate that contains "dummy" information to serve as placeholders that are used temporarily to set up SSL and test its functions in a specific environment),
• Self-Signed Certificate (a certificate that is created by the user himself), or
• Certificate Authority (CA) certificate (a certificate from an organization that is trusted by the industry as a whole and whose business is the issuing of Internet certificates)

on the Integrated Solutions Console 5.1 or 6.0.1. This tip provides a checklist of the steps you need to take to implement SSL certificates on your ISC. Editor's note: These are merely the top-level steps, not the more granular details -- for more detail and other implementation notes, see the article this tip was taken from, "Configuring and enabling SSL on the Integrated Solutions Console 5.1/6.0.1."

Enabling 5.1/6.0.1 with a dummy certificate

To enable SSL on the ISC 5.1 or 6.0.1 with a dummy certificate:

1. Edit virtualhosts.xml file.
2. Edit ConfigService.properties file.
3. Edit web.xml file.
4. Edit wpconfig.properties file.
5. Run the WPSconfig command.
6. Remove the passwords.
7. Restart ISC_Portal.

Enabling 5.1/6.0.1 with a self-signed certificate

To enable SSL on the ISC 5.1 with a self-signed certificate:

1. Create the 4 SSL key/trust files using Self-Signed Certificates.
2. Create the JACL script in <isc root>\AppServer\bin.
3. Modify wsadmin.properties to reflect the correct SOAP port.
4. Run wsadmin on the JACL script.
5. Modify ConfigService.properties and virtualhosts.xml.
6. Modify web.xml.
7. Stop the ISC_Portal.
8. Modify the soap.client.props.
9. Start the ISC_Portal.
10. Test your changes.

To enable SSL on the ISC 6.0.1 with a self-signed certificate:

1. Create the 4 SSL key/trust files using Self-Signed Certificates.
2. Create the JACL script in <isc root>\AppServer\bin.
3. Modify wsadmin.properties to reflect the correct SOAP port.
4. Run wsadmin on the JACL script.
5. Modify ConfigService.properties.
6. Modify web.xml.
7. Stop the ISC_Portal.
8. Modify the soap.client.props.
9. Start the ISC_Portal.
10. Test your changes.

Enabling 5.1/6.0.1 with a CA certificate

To enable SSL on the ISC 5.1 with a CA certificate:

1. Create the SSL Server/Client key and trust files.
2. Create the JACL script in <isc root>\AppServer\bin.
3. Modify wsadmin.properties to reflect the correct SOAP port.
4. Run wsadmin on the JACL script.
5. Modify ConfigService.properties and virtualhosts.xml.
6. Modify web.xml.
7. Stop the ISC_Portal.
8. Modify the soap.client.props.
9. Start the ISC_Portal.
10. Test your changes.

To enable SSL on the ISC 6.0.1 with a CA certificate:

1. Create the SSL Server/Client key and trust files.
2. Create the JACL script in <isc root>\AppServer\bin.
3. Modify wsadmin.properties to reflect the correct SOAP port.
4. Run wsadmin on the JACL script.
5. Modify ConfigService.properties.
6. Modify web.xml.
7. Stop the ISC_Portal.
8. Modify the soap.client.props.
9. Start the ISC_Portal.
10. Test your changes.

Why is this important?

The Integrated Solutions Console provides a common Web-based administrative console framework for hosting and integrating console modules in a manner that allows customers to manage solutions rather than specific IBM products. This framework includes Portlet container, Java management applications, and Eclipse Help modules.

SSL can be configured to provide confidentiality and encryption. Communication between the client browser and the ISC server can be protected using SSL. Encryption is important because ISC uses form-based authentication, which does not encrypt the user ID and password that are transmitted during login. If a console module requires access to backend resources over secure connections, its portlets can use SSL.

Why should any of this matter? Because securely (and effectively) transmitting data over open communications channels is a critical component to maintaining a modern IT system, SSL is a powerful protocol to help achieve that security, and enabling SSL in an ISC environment can be a complex and challenging task. Why challenging? Data security in a Web-based application environment such as ISC can seem a bit vague to first-timers because IT security itself is a broad topic -- it covers many different aspects in open communication networks.

Resources

• "What is SSL and why should I care?" (developerWorks, March 2007) is the first in this series.
  
  
• "Configuring and enabling SSL on the Integrated Solutions Console 5.1/6.0.1" (developerWorks, May 2007) is the article in this series that these checklists were taken from.
  
  
• Create your own self-signed server certificate with this step-by-step guide.
  
  
• This resource explains what components in which browsers require CA-signed SSL certificates.
  
  
• For more on SSL in the WebSphere Application Server and IBMJSSE, try this InfoCenter page.
  
  
• This quick tip can show you how to launch the ISC console through a Web browser after installation.
  
  
• "Embed the Integrated Solutions Console installation" (developerWorks, March 2005) demonstrates how to use the installer to embed the ISC in another product.
  
  
• For more on Java, Tivoli and WebSphere products, Eclipse, and security, visit the developerWorks and alphaWorks sites dedicated to the topic.
  
  

• Pick up a version of the Integrated Solutions Console and also learn more about it from the Autonomic Computing Toolkit.
  
  
• The WebSphere Application Server 6.1 is a Java 2 Enterprise Edition and Web services technology-based application platform; besides the regular version, you can download the Express version (a ready-to-go package including a J2EE app server, sample applications, development tools, and wizards) or the Community Edition (a free, lightweight version).
  
  

• Participate in the discussion forum.
  
  
• For relatively quick answers to installation and implementation difficulties, try the Integrated Solutions Console support forum and the Embedded WebSphere Application Server Express support forum.

About the authors

		Kane Scarlett is a technology journalist/analyst with 20 years in the business, working for such publishers as National Geographic, Population Reference Bureau, Miller Freeman, and International Data Group and managing and editing for such journals as JavaWorld, LinuxWorld, DV Magazine, NC World, and of course, developerWorks.

		Bimal Shah has been the Service and Support Team Lead for the Integrated Solutions Console (ISC) for the last two years. He has developed and implemented unique componentization service and support processes for the Integrated Solutions Console, which has been extremely well received by its deployers and consumers. He has worked within various groups at IBM including VM, Power Parallel Systems, AUIML, and Personal Communications (with the 3270/5250 emulator). He holds bachelor's degree in electrical engineering (India) and a master's in computer science (NJIT).

		Aya Zaghloul joined the Integrated Solutions Console team after graduating from North Carolina State University with a bachelor's degree in computer science. For the past five years, Aya has worked in various areas of the Integrated Solutions Console team, including development, test, tooling, and currently, Service and Support.

Rate this page

Please take a moment to complete this form to help us better serve you. Did the information help you to achieve your goal? Yes No Don't know   Please provide us with comments to help improve this page:   How useful is the information? 1 2 3 4 5 Not useful Extremely useful

Back to top