IBM Support

How to enable an IBM WebSphere Application Server Liberty profile to use SSL

Question & Answer


Question

How do you enable a WebSphere Application Server (WAS) Liberty profile running on the IBM i to use SSL with a client?

Answer

If you do not already have an IBM WebSphere Application Server (WAS) Liberty profile created, refer to the following document:
Liberty Profile - Create, Start, Install Application

NOTE: This document describes ONLY how to configure your application server for SSL/TLS communications.

If you would like to configure your WAS Liberty profile for SSL with an IBM HTTP Server, please refer to the following document:
How To Manually Associate An IBM i HTTP Server With An IBM WebSphere Application Server Liberty Profile

Variables

<wlp.install.dir> = /QIBM/ProdData/WebSphere/Liberty/V85/Express/
<server.config.dir> = /QIBM/UserData/WebSphere/AppServer/V85/Liberty/wlp/usr/servers/<serverName>

Creating a keystore and generating a self-signed certificate

To create the keystore and generate the self-signed certificate from the command line, use the securityUtility command in the <wlp.install.dir>/bin directory.

1. Go into Qshell by typing QSH on the OS command line.
2. cd <wlp.install.dir>/bin
3. Run the following command, replacing myserver with the name of the Liberty profile (server) that you created and mypwd with the password you want to use for the keystore:

> securityUtility createSSLCertificate --server=myserver --password=mypwd

Creating keystore <server.config.dir>/resources/security/key.jks
Created SSL certificate for server myserver

Add the following lines to the server.xml to enable SSL:

    <featureManager>
        <feature>ssl-1.0</feature>
    </featureManager>
    <keyStore id="defaultKeyStore" password="{xor}Nj0yLyg7" />
$

NOTE: Do not copy the lines shown in this document into your server.xml file; copy the lines that are output to your screen instead.

4. Use F3 to exit your Qshell session or use F12 to temporarily disconnect from your Qshell session.

5. Edit the server.xml file from the OS command line:

 EDTF '<server.config.dir>/server.xml'

Your file will look similar to this:


6. Insert 6 lines so you can copy the lines to the file. Put I6 (letter I and number 6) in the CMD area to insert 6 empty lines as shown:



7. Press Enter to insert the empty lines. Now copy the lines from your command output into the file as shown:



8. Now press F3 to save and F3 again to exit. The server automatically detects the changes and activates the SSL port.
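
An added example (not part of the IBM document): a Python check to run against a copy of server.xml after step 8, confirming that the ssl-1.0 feature and the defaultKeyStore element are present and reporting how the keystore password is stored. The function names and the sample file are constructed for illustration; the {xor} prefix marks a reversible encoding rather than encryption, so the file still needs restrictive permissions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the lines this page adds, wrapped in a <server> root.
SAMPLE_SERVER_XML = """<server description="constructed sample">
    <featureManager>
        <feature>jsp-2.2</feature>
        <feature>ssl-1.0</feature>
    </featureManager>
    <keyStore id="defaultKeyStore" password="{xor}Nj0yLyg7" />
</server>"""

def password_encoding(value):
    """Classify a password attribute: 'missing', 'variable', 'plaintext' or its {tag}."""
    if not value:
        return "missing"
    if value.startswith("${"):
        return "variable"  # resolved from a Liberty variable, not stored inline
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].lower()
    return "plaintext"

def audit_server_xml(xml_text):
    """Return (severity, message) findings for the SSL settings in server.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    features = {f.text.strip().lower() for f in root.iter("feature") if f.text}
    if "ssl-1.0" not in features:
        findings.append(("error", "ssl-1.0 feature is not enabled"))
    stores = [k for k in root.iter("keyStore") if k.get("id") == "defaultKeyStore"]
    if not stores:
        findings.append(("error", "no keyStore element with id defaultKeyStore"))
    for store in stores:
        encoding = password_encoding(store.get("password"))
        if encoding == "missing":
            findings.append(("error", "defaultKeyStore has no password attribute"))
        elif encoding == "plaintext":
            findings.append(("high", "keystore password is stored in clear text"))
        elif encoding == "xor":
            findings.append(("medium", "keystore password is {xor}-encoded: "
                             "reversible encoding, not encryption"))
        elif encoding not in ("aes", "variable"):
            findings.append(("info", "unrecognised password encoding: " + encoding))
    return findings

if __name__ == "__main__":
    for severity, message in audit_server_xml(SAMPLE_SERVER_XML):
        print(severity.upper() + ": " + message)
```

Liberty also accepts {aes}-encoded passwords, which securityUtility encode --encoding=aes produces.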

For further information, refer to the following Redbook.


Document Information

Modified date:
18 December 2019

UID

nas8N1019907