Configuring a HTTP plug-in manually

The procedure in this topic describes how to manually configure a HTTP plug-in in a single-server environment.

Do the following steps on the server.

1. To log on to the server as an administrative user, open a terminal window and enter the following command:

   su - iocadmin

2. To extract the WebSphere® Application Server Liberty Profile web certificate, enter the following command on one line, where value indicates the appropriate value from your installation properties file.

   /opt/ibm/java-x86_64-80/jre/bin/ikeycmd -cert -extract -label default 
   -db /opt/IBM/WebSphere/wlp/usr/servers/iocsvr1/resources/security/key.jks
   -pw liberty.instance.ssl.cert.pwd -type jks -target /tmp/liberty_cert.arm -format ascii

3. To log on to the server as a root user, open a terminal window and enter the following command:

   su - root

4. To add the WebSphere Application Server Liberty Profile web certificate to the server, enter the following command on one line:

   /opt/IBM/HTTPServer/java/jre/bin/ikeycmd -cert -add -label LibertyCert 
   -db /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb -pw plugin_keystore_password 
   -file /tmp/liberty_cert.arm -format ascii -trust enable

   In the previous command, plugin_keystore_password is the value of the plugin.keystore.pwd property in the /opt/IBM/ioc51install/cfg/ioc.5_1.install.properties file. The default value is WebAS.
5. To generate the HTTP plug-in, enter the following command:

    /opt/IBM/ioc51install/bin/genPlugin.sh -h fully_qualified_host_name -s iocsvr1 -w ioc.user.pwd

   In the previous command, ioc.user.pwd is the value of the ioc.user.pwd property in the /opt/IBM/ioc51install/cfg/ioc.5_1.install.properties file.
6. Update the HTTP plug-in:
   1. In a text editor, open the /opt/IBM/WebSphere/wlp/usr/servers/iocsvr1/plugin-cfg.xml file.
   2. In the ServerCluster tag, edit the full path names for the .kdb and .sth files to match the paths that are shown in the following example:

      <ServerCluster ….>
      <Server ….>
      <Transport Hostname="..." Port="9443" Protocol="https" />
      <Property Name="keyring" Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
      <Property Name="stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.sth"/>
      <Property Name="certLabel" Value="LibertyCert" />
      ..
      </Server>
      </ServerCluster>

   3. Append the values 9080 and 9443 to the VirtualHostGroup tag, as shown in the following example:

      <VirtualHostGroup Name="default_host">
      <VirtualHost Name="*:80"/>
      <VirtualHost Name="*:443"/>
      <VirtualHost Name="*:9080"/>
      <VirtualHost Name="*:9443"/>
      </VirtualHostGroup>

   4. Remove the following tags:

      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ibm/adminCenter/explore-1.0/*"/>
      <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/adminCenter/*"/>

7. To back up the plugin-cfg.xml file, enter the following commands:

   cd /opt/IBM/WebSphere/Plugins/config/webserver1
   mv plugin-cfg.xml plugin-cfg-original.xml

8. To replace the plugin-cfg.xml file with the updated plugin-cfg.xml file, enter the following command:

   cp /opt/IBM/WebSphere/wlp/usr/servers/iocsvr1/plugin-cfg.xml ./

9. To restart IBM® HTTP Server, enter the following command:

   /opt/IBM/HTTPServer/bin/apachectl restart