Configure SSL for the plug-in

After you enable the IBM HTTP Server for SSL, configure the WebSphere Application Server plug-in so that the IBM HTTP Server can communicate securely with the application servers. Ensure that SSL was enabled for the WebSphere Application Server web container by pointing your browser to a URL such as https://dm_host:9043/ibm/console.

Set up the IBM HTTP server on a stand-alone computer that is external to any other IBM Security Identity Manager component. See the topic "Selecting a web server topology diagram and roadmap" on the following website.

http://www.ibm.com/support/knowledgecenter/SSAW57_7.0.0/as_ditamaps/welcome_nd.html The installation and configuration of the plug-in registers the web server with the WebSphere Application Server deployment manager, and the IBM HTTP Server becomes a managed web server. We can manage a managed web server with the WebSphere Application Server administrative console.

The application server profile to which you point during the WebSphere Application Server plug-in installation and configuration is the deployment manager itself in this topology. It creates a key file called plugin-key.kdb in the app_server_root/profiles/dm_profile/etc directory. The plugin-key.kdb file contains the certificates of all federated application servers.

Push the key file to the managed web server so the plug-in can establish secure application with the application servers. For more information, see the topic "Configuring the Web server plug-in for Secure Sockets Layer" on the web site.

http://www.ibm.com/support/knowledgecenter/SSAW57_7.0.0/as_ditamaps/welcome_nd.html

  1. Create a directory on the web server host for storing the key ring file that is referenced by the plug-in and associated files. For example, create a plugin_install_root/etc/keys directory.

  2. On the WebSphere Application Server administrative console, click Servers > Web servers.

  3. Select the web server name.

  4. Click Plug-in properties.

  5. Click Manage keys and certificates to access configuration options for your keys and certificates. By default, we can change the password that protects the keystore.

  6. Click OK.

  7. Click the web server keystores button to copy the keystore and to stash files to a managed web server.

Parent topic: SSL for the IBM HTTP server and Application server plug-in