1. HTML Server on WebSphere Reference Guide for UNIX
  2. Configuring AIS Server over SSL on WebSphere Server (Release 9.2.4)

Configuring AIS Server over SSL on WebSphere Server (Release 9.2.4)

During the promotion of the AIS server port, the scf_<Managed_Instance_Name>.conf file is regenerated at the ..IBM/HTTPSerevr/conf location. If the SSL entries have been previously configured, the manually configured SSL changes will not be preserved as part of the promotion. Therefore, you must configure the SSL entries as a post-promotion step.

To add the SSL section to the AIS server related scf_<Managed_Instance_Name>.conf file.

  1. Promote the AIS port using the Server Manager Console.

  2. Take a backup of the existing scf_<Managed_Instance_Name>.conf file.

    Typically, the scf_<Managed_Instance_Name>.conf file is located on the machine where the Websphere Application Server is installed at ../IBM/HTTPSerevr/conf.

  3. Open the scf_<Managed_Instance_Name>.conf file using an editor and modify the section by adding the SSL port details and the SSLEnable, SSLDisable, and KeyFile details as shown below.

    In this context, the actual non-ssl port is 26065.

    This image is described in surrounding text.

    After adding the SSL section, the overall content of the scf_<Managed_Instance_Name>.conf file should look like this:

    Listen 0.0.0.0:26065
<VirtualHost *:26065>
Alias /studio "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war"
Alias /jderest "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war"
</VirtualHost>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war/WEB_INF">
Require all denied
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war">
Require all granted
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war/WEB_INF">
Require all denied
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war">
Require all granted
</Directory>
 
Listen 0.0.0.0:26066
<VirtualHost *:26066>
Alias /studio "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war"
Alias /jderest "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war"
SSLEnable
</VirtualHost>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war/WEB_INF">
Require all denied
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/Studio.war">
Require all granted
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war/WEB_INF">
Require all denied
</Directory>
<Directory "/slot/ems2882/appmgr/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/den02iegNode01Cell/tqa_923_aix_ais_den02ieg_26065.ear/JDERestProxy.war">
Require all granted
</Directory>
KeyFile /slot/ems2882/appmgr/IBM/HTTPServer/oracacert/den02iegkey.kdb
SSLDisable

  4. Save the file.

    Ensure that the httpd.conf file at the same location has the include entry for the scf_<Managed_Instance_Name>.conf file as shown:

    This image is described in surrounding text.

  5. Login to WebSphere Admin Console and redirect to the virtual hosts section in the Environment menu.

  6. Click vh_<Managed_Instance_Name>.

    This image is described in surrounding text.

  7. Click the Host Aliases link.

    This image is described in surrounding text.

  8. If you do not see the SSL port under Host Aliases, add it by clicking the NEW button and then save the configuration.

    This image is described in surrounding text.

  9. Navigate to Servers, Server Types, Web servers, and select the related web server.

    This image is described in surrounding text.

  10. Click the Generate Plug-in button.

    This image is described in surrounding text.

  11. After the Plug-in is generated, click the Propagate Plug-in button.

    This image is described in surrounding text.

  12. Bounce the corresponding AIS server port using the Server Manager Console.

  13. Verify that the correct location of plugin-cfg.xml file is referenced in the httpd.conf file.

  14. Restart the IBM HTTP server.