Forcing traffic to be sent over SSL 

You can configure IBM Connections to force all traffic that passes between an IBM Connections server and a user's web browser to be sent over the Secure Socket Layer (SSL).


Before you begin

Be sure that SSL is enabled in your environment before you perform this procedure. See Configure the IBM HTTP Server for SSL in the Installing section of the IBM Connections product documentation for more information.

To edit configuration files, use the wsadmin client. See Starting the wsadmin client for details.


Procedure

  1. Use the wsadmin client to access and check out the IBM Connections configuration files.

    1. Enter the following command to access the IBM Connections configuration file: execfile("connectionsConfig.py")

        If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, pick the node where the file is stored. This information is not used by the wsadmin client when you are making configuration changes.

    2. Check out the IBM Connections configuration files:

        LCConfigService.checkOutConfig("<working_directory>","<cell_name>")

        where:

        • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft™ Windows™ operating system.

            AIX and Linux™ only: The directory must grant write permissions or the command does not run successfully.

        • <cell_name> is the name of the WAS cell hosting the IBM Connections application. This argument is case-sensitive, so type it with care. To obtain the cell name:print AdminControl.getCell()

        For example:

        • AIX or Linux:LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")

        • Microsoft Windows:LCConfigService.checkOutConfig("c:/temp","foo01Cell01")

  2. Enter the following command:

      LCConfigService.updateConfig("force.conf.comm.enabled", "true")

  3. After making changes, check the configuration files back in and do so during the same wsadmin session in which you checked them out for the changes to take effect. See Apply common configuration property changes for information about how to save and apply your changes.

  4. Optional: To secure session cookies...

    1. Log in to the WAS admin console of the server hosting your IBM Connections applications as the administrator.

    2. Expand Servers -> Server Types, and then select WebSphere application servers.

    3. Click the server hosting IBM Connections from the list of server names.

    4. Click Session Management, and then click Enable cookies.

    5. Select the Restrict cookies to HTTPS sessions check box.

    6. Click Apply, and then click OK.

  5. Optional: To secure LTPA tokens...

    1. From the WAS admin console, expand Security, and then click Global security.

    2. Expand Web and SIP security, and then click single sign-on (SSO).

    3. Select the Requires SSL check box.

    4. Click Apply, and then click OK.


Parent topic

Security


Related tasks


Change common configuration property values
Starting the wsadmin client
Apply common configuration property changes
Enable users to publish file attachments to Lotus Quickr
Configure IBM HTTP Server for SSL
Authenticating requests


   

 

});