For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Configure SSL for Liberty profile

Create a keystore, import the Secure Socket Layer (SSL) certificate, and edit the server.xml file to configure SSL on Liberty profile.


Follow the steps in this procedure to configure SSL on Liberty profile.


  1. Create a keystore for our web server; use the securityUtility with the createSSLCertificate option. See Enabling SSL communication for the Liberty profile for more information.
  2. Import the SSL certificate and the corresponding chain certificate into the keystore by following the instructions provided by the certificate authority.
  3. Enable the ssl-1.0 Liberty feature in the server.xml file.

    <featureManager> <feature>ssl-1.0</feature> </featureManager>

  4. Add the keystore service object entry to the server.xml file. The keyStore element is called defaultKeyStore and contains the keystore password. For example:

    <keyStore id="defaultKeyStore" location="/path/to/myKeyStore.p12" password="myPassword" type="PKCS12"/>

  5. Make sure that the value of the httpEndpoint element in the server.xml file defines the httpsPort attribute. For example:

    <httpEndpoint id="defaultHttpEndpoint” host="*" httpPort="9080” httpsPort="9443" >

  6. Restart the web server. Now we can access the web server by https://myserver:9443/...

Parent topic: Configuring Secure Sockets Layer (SSL)