Enable remote access to servers
Overview
The portal site management publish feature requires at least two portal systems: a source system, where you create new pages that you need to publish, and a target system, where you make the new pages visible to portal users. For the source and target servers, you can use two different portal environments, including virtual portals on the same or different environments. In order to display the contents of the systems in the Resource Manager portlet, verify they are configured properly. By default, the portal server is pre-configured to allow remote access. However, more complex production and security configurations might disable this access. If any of the servers are enabled for Secure Socket Layer (SSL), perform additional steps on the server where you will manage site.
A WAS Trust Association Interceptor (TAI) is used to authorize access to the servers. Verify whether the TAI is enabled in the WAS administrative console. If it is not enabled, run the task enable-http-basic-auth-tai-sitemgmt, as described in the following. If the source server is configured with SSL, configure it to trust its own Web server. If the target server is also configured with SSL, configure the source server to trust the target Web server and its nodes, and also configure the target server to trust its own Web server.
If you have virtual portals, run the task enable-http-basic-auth-tai-sitemgmt only on the default virtual portal.
cd WP_PROFILE/ConfigEngine
ConfigEngine.sh enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=foo -DWasPassword=fooUse -DPortalAdminPwd=foo -DWasPassword=foo to specify the portal and WAS passwords.
This task uses the settings in the file wkplc_comp.properties to configure the TAI. Although the TAI settings are pre-configured to work without requiring adjustment, you can change the TAI settings after running the task if you need to configure the TAI differently. If you do this, consult the reference topic about Properties for the Trust Association Interceptor in the portal information center.
Stop and restart the portal.
If you have SSL configured. Establish trust between two WebSphere cells:
- For preparation, determine the URL to the administrative console of the client WebSphere cell.
For example, this can be similar to https://myclientserver.yourco.com:9043/ibm/console.
- Open the administrative console by using the URL that you obtained by the previous step.
- Click Security -> SSL certificate and key management -> Key stores and certificates.
- On the Key stores and certificates panel click CellDefaultTrustStore or NodeDefaultTrustStore, depending on whether you have a cluster or single node configuration.
- On the xxxDefaultTrustStore panel, locate the column Additional properties and click Signer certificates.
- On the Signer certificates panel click the button Retrieve from port.
- Fill in the fields and select the options as follows:
Host
The host name of the client server, for example your_target_server.your_co.com.
PortThe secure port on the client server, for example 9043.
SSL configuration for outbound connectionSelect the SSL configuration for the outbound connection, such as CellDefaultSSLSettings or NodeDefaultSSLSettings.
AliasThe alias name, for example name_of_your_alias.
- Click the button Retrieve signer information.
The signer information is displayed. If you see the error message CWPKI0661E: Unable to get certificate signer information from host name "yourtargetserver.yourco.com" and port "9043". Verify host name and port are correct, this can usually be for one of two reasons:
- A certificate has already been imported from the target location.
- A previously deleted certificate has not timed out and been removed.
- Click OK.
Your alias is now shown in the list.
- Click Save.
- Stop and restart the portal.
- Optional. At this time, if you have a clustered environment without automatic synchronization, you need to resynchronize the node agents.
Parent
Manage the site
Related tasks
Configure resource management
Manage the servers
Publish page
Provide reviewer access to a published page
Promoting page
Demoting page
Republishing and promoting a page
Enable HTTP Basic Authentication for simple clients
Portal Scripting Interface extension for site management