Configuring the Listener Service
Perform these tasks to configure the listener service:
Configure SSL for the Listener Service on a IBM HTTP Server.
To configure SSL for the listener service on an IBM HTTP Server:
Open IKeyman tool (ikeyman.bat under:<IBM_HTTP_SERVER_INSTALL_ROOT>\bin).
On the New screen, select CMS from the Key database type list and complete these fields to create a new key database file:
File name
Enter a name or click the Browse button to select a key database file.
Location
Enter the path to the key database file.
Click OK.
The Password Prompt window opens.
On Password Prompt, enter a password in the Password and Confirm Password fields, and then select the "Stash password to a file?" option.
On Create New Key and Certificate Request, enter the name of the new certificate in the Common Name field. Enter the name of the file where the certificate request is stored, and click OK.
Select Personal certificate requests from Key database context menu and click New.
Provide the required information. The Certificate Request File is created at <IBM_HTTP_SERVER_INSTALL_ROOT>\bin. By default it is certreq.arm.
Create a CSR at any Certificate Authority with the Certificate Request information contained in the Certificate Request File.
Also, obtain Root CA and Intermediate CA certificate from the Certificate Authority vendor.
Select the Signer Certificates option from Key database content.
Add the Root CA and then Intermediate CA by clicking Add.
Select the Personal Certificates option from Key database content. Add the certificate provided by CA by clicking the Receive option.
Save the file. A key database file with extension.kdb is created.
Go to the file <IBM_HTTP_SERVER_INSTALL_ROOT>\conf\httpd.conf and add the following to the VirtualHost:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 443 <VirtualHost DENOSCL244.mlab.jdedwards.com:443> SSLEnable SSLClientAuth none </VirtualHost> SSLDisable Keyfile "C:\Program Files\IBM\IBM HTTP Server\bin\key.kdb"
Customize it according to your environment.
DENOSCL244.mlab.jdedwards.com - DNS Name Keyfile "C:\Program Files\IBM\IBM HTTP Server\bin\key.kdb" -Key Database
Go to plugin-cfg.xml under <WAS_INSTALL_ROOT>/Plugin/config/webserver1, where webserver1 is the webserver name.
Add <Uri Name="/ListenerService/ ListenerService"/> under the node UriGroup.
Add <VirtualHost Name="*:443"/> under node VirtualHostGroup
Go to plugin-cfg.xml under<WAS_INSTALL_ROOT>/profiles/default/cells/DENOSCL244Node01Cell/node/webserver1_node/servers/webserver1.
Add <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ListenerService/ListenerService"/> under the node UriGroup.
Add <VirtualHost Name="*:443"/> under node VirtualHostGroup
Restart WAS.
Restart IBM HTTP Server.
Deploy the Listener service.