Scenario 1: Enabling SSL between IBM HTTP Server and WebSphere Application Server servers : Mashup Center 2.0Added by IBM on December 2, 2009 | Version 1 (Original, Show current)
Contents: Planning, installing, and configuring Mashup Center : Mashup Center 2.0
In this step, you will enable SSL between IBM®
HTTP Server and WebSphere Application Server servers.
- Do the following steps to locate the kdb used by IBM HTTP Server in the plug-in.xml file:
- Open the configuration file HTTPServer_install_root\\Plugins\\config\\webserver1\\plugin-cfg.xml.
- Find the following section, and take note of the plugin-key.kdb and plugin-key.sth files:
<Transport Hostname="MUMIVT1.ibm.com" Port="9080"
Protocol="http"/> <Transport Hostname="MUMIVT1.ibm.com"
Port="9443" Protocol="https"> <Property Name="keyring"
<Property Name="stashfile" Value="c:\\IBM\HTTPServer\\Plugins\\
- Locate the plugin-key.kdb that IBM HTTP Server uses as default.
- Find the kdb used by each server. For each node, the root-key.p12 file is typically located in MashupCenter_install_root\\mm_profile\\config\\cells\\Cell01\\nodes\\Node01. For the Deployment Manager server, the file is typically located in WAS_install_root\\AppServer\\profiles\\Dmgr01\\config\\cells\\Cell01.
- Do the following steps to open the WebSphere Application Server ikeyman file to export the certificate from the two server nodes and the Deployment Manager servers:
- Run the ikeyman.bat file. For each node, this file is typically located in C:\Program Files\IBM Mashup Center\AppServer\bin\ikeyman.bat. For the Deployment Manager server, this file is typically located in C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\ikeyman.bat.
- To open the root-key.p12, click Key Database File -> Open to open the keyDB file selection window.
- In the File Select dialog, select PKCS12 in the Key database type field.
- Click Browse and open the appropriate file for each of the servers in the cluster. For each node, the appropriate file is MashupCenter_install_root\\mm_profile\\config\\cells\\Cell01\\nodes\\Node01\\root-key.p12. For the Deployment Manager server, the appropriate file is WAS_install_root\\AppServer\\profiles\\Dmgr01\\config\\cells\\Cell01\\root-key.p12.
- Click OK.
- When prompted for the password, type WebAS. Now the root key store file is open.
- Select the default certificate under Personal Certificates.
- Click Extract Certificate.
- Type the name of the certificate file WASKeyP12cert.arm and specify the location for each of the servers in the cluster. The location for the primary node is C:\prim\. The location for all other nodes is C:\sec\. The location for the Deployment Manager server is C:\dm\ .
- Copy the WASKeyP12cert.arm files from C:\prim\ and C:\sec\ from the primary and secondary nodes so that they are available for configuring the IBM HTTP Server in the WebSphere Application Server Deployment Manager server.
- Now that you have exported the certificates from the Mashup Center cluster, import the certificates into IBM HTTP Server by doing the following steps:
- Open plugin-key.kdb using ikeyman using CMS as key store type.
- In the Signer Certificates list, click Add to add these the three WebSphere Application Server keys.
- Restart IBM HTTP Server.
Parent topic: Scenario 1: Configuring a clustered environment in which Lotus Mashups and MashupHub are installed on the same servers : Mashup Center 2.0
Previous topic: Scenario 1: Enabling SSL on IBM HTTP Server : Mashup Center 2.0
Next topic: Scenario 1: Specifying the cluster name : Mashup Center 2.0