If you have client applications that are deployed in the WebSphere® Application Server Liberty profile, then you can
configure the Liberty profile for HTTPS, which automatically uses
SSL and data encryption for secured web servers.
Procedure
- Run the following command to create the SSL certificate
and enable HTTPS:
cd to lib_dir\bin
securityUtility createSSLCertificate --server=defaultServer --password=xc10test
- Add the following SSL feature to the server.xml file to configure the Liberty profile to run SSL data encryption:
<featureManager>
<feature>ssl-1.1</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="{xor}MjowbTI+Kyw=" />
- Start the Liberty profile using the following command:
./server start servername
A PID is displayed.
- Open the session application using the following URL:
http://server:securedport/A/
- Perform session testing to verify that the data is written
to the session grid in the appliance.
SSL-enabled server definition file example
Some lines of code are displayed on multiple lines for publication
purposes.See the following example of an advanced
server.xml file configuration that uses the SSL feature. This example is displayed
on multiple lines for publication purposes.
Note: Beginning in Version
2.5, the feature version numbers changed from webApp-1.0 to webApp-1.1.
<server description="new server">
<!-- Enable features -->
<featureManager>
<feature>jsp-2.2</feature>
<feature>eXtremeScale.server-1.1</feature>
<feature>eXtremeScale.webApp-1.1</feature>
<feature>ssl-1.1</feature>
</featureManager>
<httpEndpoint id="defaultHttpEndpoint"
host="*"
httpPort="9080"
httpsPort="9443">
<!--tcpOptions soReuseAddr="true" / -->
</httpEndpoint>
<keyStore id="defaultKeyStore" password="{xor}Jzxubys6LCs=" />
<xsWebApp objectGridName="session" catalogHostPort="remoteHost:2809" securityEnabled="true"
credentialGeneratorClass="com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredentialGenerator"
credentialGeneratorProps="xcadmin xcadmin"/>
<applicationMonitor updateTrigger="mbean"/>
<application id="A" location="A.ear" name="A" type="ear"/>
<httpSession cloneId="A_test"/>
</server>
What to do next
To set the SSL configuration between the
Liberty profile and the data grid
container, specify the client transport type in the client properties
file. The possible values are:
- TCP/IP: Indicates that the client only supports
TCP/IP connections.
- SSL-Supported: Indicates that the client
supports both TCP/IP and Secure Sockets Layer (SSL) connections. (Default)
- SSL-Required: Indicates that the client requires
SSL connections.