I am just looking for some information. I want to enable ssl and https redirect on (some basic security so I can expose the appCenter and apps for testing):
Websphere application server liberty v. 8.5.5.0
windows server 2008 R2
Java version 1.7.0_71 64bit
What I did: Installed eclipse + mobilefirst studio then websphere application server liberty v. 8.5.5.0 then the MobileFirst Platform Server
I read the guide here and the security utility guide
These guides are quite limited and I am very new to WebSphere. I have questions about how to remove the existing certificate and generate a new self-signed one successfully.
I would just like to see a more complete example, some of the related posts here refer to configuring the web.xml but it's not in the documentation.
Can anyone point me to a fuller example that shows how enabling ssl and https redirect are set up? My end goal is that accessing the appCenter uses ssl and https redirect.
Thanks
I'll try to answer your question in parts, as it is quite broad.
To enable SSL in the Liberty profile, the easiest way is to use WDT (WebSphere Developer Tools) in Eclipse. In the Servers view, right-click the server and select Utilities > Create SSL Certificate. It will:
${server.output.dir}/resources/security/key.jks
Console view it will output piece of code you need to add to your server.xml:
<featureManager>
    <feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="{xor}encodedPassword=" />
You can do the same from command line from wlp\bin invoking securityUtility command:
securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365 --subject=CN=mycompany,O=myOrg,C=myCountry
After modifying server.xml your Liberty is enabled for SSL on 9443:
https://localhost:9443/
Unfortunately there is not much in Liberty itself for it. So here are your options:
securityUtility as above - allows to override period and SN
C:\Java\jdk1.7.0_67\bin>keytool -genkeypair -alias myCert -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: liberty
What is the name of your organizational unit?
  [Unknown]: test
What is the name of your organization?
  [Unknown]: gas
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=liberty, OU=test, O=gas, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: yes
Enter key password for <mykey>
        (RETURN if same as keystore password):
Re-enter new password:
Whatever method you use to create the new keystore and self-signed cert, update the keyStore definition in server.xml.
By default any unconfigured application will be available over http and https.
If you want to force application to use SSL you will need to create/modify web.xml file for that application. Add the following to your web.xml:
<security-constraint>
    <display-name>allApp</display-name>
    <web-resource-collection>
        <web-resource-name>allresources</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
And you have to enable application security adding following to server.xml:
<featureManager>
    <feature>appSecurity-2.0</feature>
</featureManager>
You're done. You have SSL enabled for your server and redirection for given app.
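One way to confirm the result, as an added example that is not part of the answer above or of Liberty itself: a small Python check that reads a server.xml and a web.xml and reports which of the pieces described in the answer are missing. The function names and sample XML are constructed for illustration, and it assumes an encoded keystore password carries a `{xor}` or `{aes}` prefix.

```python
import xml.etree.ElementTree as ET

def _all(node, name):
    """Descendants called `name`, ignoring any XML namespace on the tag."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return [e.text.strip() for e in _all(node, name) if e.text]

def confidential_patterns(web_xml):
    """URL patterns that are forced onto HTTPS for every HTTP method."""
    patterns = []
    for sc in _all(ET.fromstring(web_xml), "security-constraint"):
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            continue
        for coll in _all(sc, "web-resource-collection"):
            # A collection that lists <http-method> leaves other methods unconstrained.
            if not _all(coll, "http-method"):
                patterns += _texts(coll, "url-pattern")
    return patterns

def check_liberty_tls(server_xml, web_xml):
    """Return findings; an empty list means the configuration matches the steps above."""
    findings = []
    root = ET.fromstring(server_xml)
    features = {f.lower() for f in _texts(root, "feature")}
    for needed in ("ssl-1.0", "appSecurity-2.0"):
        if needed.lower() not in features:
            findings.append("server.xml: feature %s not enabled" % needed)
    stores = _all(root, "keyStore")
    if not stores:
        findings.append("server.xml: no keyStore element")
    for ks in stores:
        # {xor} is obfuscation only, but a bare value is readable by anyone who sees the file.
        if not ks.get("password", "").startswith(("{xor}", "{aes}")):
            findings.append("server.xml: keyStore password is not encoded")
    if "/*" not in confidential_patterns(web_xml):
        findings.append("web.xml: /* is not under a CONFIDENTIAL transport-guarantee")
    return findings

# Constructed sample inputs (not taken from a real server).
SERVER_XML = """<server><featureManager><feature>ssl-1.0</feature>
<feature>appSecurity-2.0</feature></featureManager>
<keyStore id="defaultKeyStore" password="{xor}encodedPassword="/></server>"""
WEB_XML = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>allresources</web-resource-name><url-pattern>/*</url-pattern>
</web-resource-collection><user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""

if __name__ == "__main__":
    print(check_liberty_tls(SERVER_XML, WEB_XML) or "OK")
```

A constraint whose web-resource-collection lists specific `<http-method>` elements is deliberately not counted, because requests using other methods would still be served over plain HTTP.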