There may be times when you need to you will want to secure the HTTP URL that opens the SEAS GUI. This procedure will allow you to still secure the browser webpage when launching the the SEAS GUI with your own cetificate, but still secure the GUI connection usual.
1.1 Configure SEAS JettyConfigDef.xml to use different TLS/SSL connection information from the IBM SEAS server
To configure the embedded Jetty Http Server in IBM SEAS to use TLS/SSL to secure its connection, and also in addition, to use the different and separate TLS/SSL secure connection information from the IBM SEAS server, then user will config JettyConfigDef.xml with the information specified below. The httpsEnabled attribute must be set to TRUE; also, if client’s TLS/SSL authentication is required, then clientAuthEnabled attribute must also be set to TRUE
<jettyConfigDef>
<port>XXXX</port>
<host>XXXX</host>
<context>/</context>
<docRoot>../conf/jetty/docroot</docRoot>
<libContext>lib</libContext>
<libRoot>../lib</libRoot>
<httpsEnabled>false</httpsEnabled>
<clientAuthEnabled>false</clientAuthEnabled>
<sysSslInfoDef>
<keyStoreFile>../conf/system/keystore</keyStoreFile>
<keyStorePassword>XXXX</keyStorePassword>
<keyStoreType>JKS</keyStoreType>
<cipherSuites>
<cipherSuite>TLS_RSA_WITH_AES_128_CBC_SHA</cipherSuite>
<cipherSuite>TLS_RSA_WITH_3DES_EDE_CBC_SHA</cipherSuite>
</cipherSuites>
<keyManagerAlgorithm>IbmX509</keyManagerAlgorithm>
<name>defSslInfo</name>
<verStamp>1</verStamp>
</sysSslInfoDef>
<sysTruststoreInfoDef>
<trustStoreFile>../conf/system/truststore</trustStoreFile>
<trustStorePassword>XXXX</trustStorePassword>
<trustStoreType>JKS</trustStoreType>
<trustManagerAlgorithm>IbmX509</trustManagerAlgorithm>
<name>defTrustStore</name>
<verStamp>1</verStamp>
</sysTruststoreInfoDef>
</jettyConfigDef>
Users/clients must make these changes manually as there is no GUI or command line interface to make these modifications/changes yet.
