For load balanced implementations, you must configure SSL
between the IBM HTTP Server plug-in
and each node in the cluster.
Before you begin
IBM HTTP Server is installed
and configured for load balancing.
About this task
For each node in the cluster, follow these instructions to
configure the node to communicate over a secure (SSL) channel with
the IBM HTTP Server.
Procedure
-
Log in to the Web GUI.
-
In the navigation pane, click and click Launch Websphere administrative
console.
-
Follow these steps to extract signer certificate from the truststore:
-
In the WebSphere Application Server administrative
console navigation pane, click .
-
In the Related Items area, click the Key
stores and certificates link and in the table click the NodeDefaultTrustStore link.
-
In the Additional Properties area, click the Signer
certificates link and in the table that is displayed,
select the root entry check box.
-
Click Extract and in the page
that is displayed, in the File name field,
enter a certificate file name (certficate.arm.
For example, c:\tivpc064ha1.arm.
-
From the Data Type list, select
the Base64-encoded ASCII data option and click OK.
-
Locate the extracted signer certificate and copy it
to the computer that is running the IBM HTTP Server.
-
On the computer that is running the IBM HTTP Server, follow these steps to
import the extracted signer certificate into the key database:
-
Start the key management utility (iKeyman), if it is
not already running, from HTTP_SERVER_PATH/bin:
- At the command line, enter ./ikeyman.sh
- At the command prompt, enter ikeyman.exe
-
Open the CMS key database file that is specified in plugin-cfg.xml.
For example, HTTP_SERVER_PATH/plug-ins/etc/plug-in-key.kdb.
-
Provide the password (default is WebAS)
for the key database and click OK.
-
From the Key database content,
select Signer Certificates.
-
Click Add and select the signer
certificate that you copied from the node to the computer that is
running the IBM HTTP Server and click OK.
-
Select the Stash password to a file check
box and click OK to save the key database file.
-
Repeat these steps for each node in the cluster.
-
For the changes to take effect, stop and restart all nodes
in the cluster and also restart the computer that is running the IBM HTTP Server.
-
In the
JazzSM_WAS_Profile/bin
directory,
depending on your operating system, enter one of the following commands:
-
In the
JazzSM_WAS_Profile/bin
directory,
depending on your operating system, enter one of the following commands:
startServer.bat server1
startServer.sh server1
-
Restart the IBM HTTP Server.
What to do next
You can access the load balanced cluster through https://http_server_hostname/ibm/console (assuming
that the default context root (/ibm/console
) was
defined in at the time of installation.