IBM Asset & Facilities Management Your destination for peer and expert insights to help unlock the power of data with AI and Asset & Facilities Management to advance your digital reinvention. Join / Log in
I have a Maximo application running in a secure environment isolated from the internet on the standard port 80, non-ssl.
We have an external server proxying that Maximo environment exposing it to the internet, that is configured with the domain and is using HTTPS, port 443, etc. When we get logged in to Maximo, the links for the .css/.js/etc files on the page are loaded as http:// (see below,) which is causing mixed content warnings and those assets not loading properly.
There is a forced redirect so these files do resolve if fetched on their own, however the browser doesn't like the mix of http and https.Is there a way around this, system property, HTTP header, or otherwise that I can get Maximo to point to https:// or do I need to move the application over to https behind the scene and Proxy in that way?
Andrew,I'd look at this from the reverse proxy side. From my experience they typically offer features to redirect embedded URLs.
You should be able to rewrite it using the load balancer/proxy. You can look at setting the maximo_extended_host, maximo_extended_host_port, & maximo_extended_host_protocol system properties to force Maximo to use something different than what it sees. But it would force it for everyone all the time and would apply to all interactions (even if you manually tried to access a specific JVM for example).Getting your Maximo environment to support SSL on the internal network is probably your best bet to support all scenarios.
we've a somehow similar setup internally (not exposed to public but internally) where we use Netscaler with SSL offload. Behind Netscaler we've a set of two VMs, both run an IBM HTTP server and on each of the VM are two JVMs. so its somehow like this:
As you mentioned, we've added a HTTP header in Netscaler (HTTP_X_FORWARDED_PROTO) which is appended to each package sent to HTTP Servers. The property is also added to WebSphere Config:Servers > Server Types > WebSphere application servers > (JVM1-x) > Web Container Settings > Web Container > Additional Properties > Custom Properties > New…httpsIndicatorHeaderHTTP_X_FORWARDED_PROTODetect if SSL Offloading is presentAnd of course, within SSL config in WebSphere we've to import the Certificate which the SSL Offloaded uses to have a functional key chain.WebSphere Admin Console > Security > SSL certificate and key management > Key Stores and certificatesSelect "CellDefaultTrustStore" > Additional Properties > Signer Certificates > Retrieve from port > add your host/port > OK / Save