WebSphere Application Server & Liberty


How to add a personal SSL certificate at Endpoint_WC_adminhost_secure_personal_certificates

  • 1.  How to add a personal SSL certificate at Endpoint_WC_adminhost_secure_personal_certificates

    Posted Mon December 12, 2016 11:30 PM

    I want to route IHS traffic, for example 'https:mypersonal.domain.net', through our load-balancers directly to the app-server WC_adminhost_secure port (i.e. 9091, etc.), with no webServer involved. I suspect I should be able to do this by following these steps -->

    Security > SSL certificate and key management > Manage endpoint security configurations > Inbound > nodes > (NodeDefaultSSLSetting) > Servers > JVMname > WC_adminhost_secure > Manage certificates

    Currently there is the default self-signed cert from the server hostname.

    We do not want to terminate this SSL connection on the Load-Balancer or webServer - we want to terminate it on the JVM WC_adminhost_secure port with its 'personal certificate' issued by Root CA...

    Is this possible...

    Perry B.



  • 2.  RE: How to add a personal SSL certificate at Endpoint_WC_adminhost_secure_personal_certificates

    Posted Tue December 13, 2016 01:26 AM

    Hi Perry,

    Good Day.

     

    Firstly, 9091: is this a secure port? Hope it's not. As far as I know it should be a non-secured port.

    If you are looking to use the application with the WC_defaultadminhost_Secure, you can add the KDB file of the IHS to the default keystore, and you can remove the default certificate present and change the default to the imported KDB file. By this, you can access the application with the WC_adminhost_secure, which should be 9444, something like this.

     

    Hope this helps.

    Let me know if anything else is required.

    Thanks



  • 3.  RE: How to add a personal SSL certificate at Endpoint_WC_adminhost_secure_personal_certificates

    Posted Tue December 13, 2016 04:07 AM

    Hi Perry,
      Yes, you can redirect from Load-Balancer to WC_defaultadminhost_Secure. To do that you need to redirect from Load-Balancer to WAS using the https protocol and exchange the Load-balancer certificate CA with the WAS CA. That way Load-Balancer will redirect traffic securely to WAS.
     
      Some questions,
     
      WC_adminhost_secure is the port defined for the Admin Console; for applications the secure port is usually WC_defaulthost_secure. Are we talking about the same?
     
      Do you want WAS to do client certificate authentication? That is, when you are hitting your application the authentication challenge is done using a client certificate.
     
      WebSphere Application Server V7.0 Security Guide
      http://www.redbooks.ibm.com/abstracts/sg247660.html?Open&pdfbookmark
     
      Chapter 8.7 Configuring client certificate authentication
     
      You can change your self-signed certificate for one issued by YOUR Root CA. Take a look at the next link.
     
      How do I replace the WAS self signed SSL certificate with a CA certificate?
      https://developer.ibm.com/answers/questions/209787/how-do-i-replace-the-was-self-signed-ssl-certifica.html

      Hope this helps. Tell us if you need more support.
     
     
    Regards
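
A check for the setup discussed in this thread, added here as an example and not part of any post: it handshakes with the JVM port directly while validating the certificate the way a client behind the load balancer would, against the Root CA and the public host name. The backend host name and the Root CA file path are assumptions; the public name and port 9091 are taken from the question.

```python
import socket
import ssl

# Assumed values: adjust for your environment.
PUBLIC_NAME = "mypersonal.domain.net"            # name clients use via the load balancer
BACKEND = ("appserver.example.internal", 9091)   # hypothetical JVM host; port from the question
ROOT_CA_PEM = "rootca.pem"                       # hypothetical path to your Root CA certificate

# OpenSSL X509_V_ERR_* codes most relevant after swapping the endpoint certificate.
VERIFY_HINTS = {
    10: "certificate has expired",
    18: "leaf certificate is self-signed, not issued by the Root CA",
    19: "chain ends in a self-signed root that is not in the trust file",
    20: "issuer not found: signer chain missing or wrong Root CA file",
    62: "certificate does not cover the public host name (check CN/SAN)",
}

def explain(exc):
    """Turn a certificate verification failure into a short finding."""
    code = getattr(exc, "verify_code", None)
    fallback = "verification failed: %s" % getattr(exc, "verify_message", exc)
    return VERIFY_HINTS.get(code, fallback)

def check_endpoint(backend, public_name, ctx, timeout=5.0):
    """Connect to the backend port but validate as public_name.

    Returns (ok, detail). ok is True only if the chain verifies against the
    trust anchors in ctx and the certificate matches public_name.
    """
    try:
        with socket.create_connection(backend, timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=public_name) as tls:
                cert = tls.getpeercert()
                issuer = dict(rdn[0] for rdn in cert["issuer"])
                return True, "trusted; issued by %s, expires %s" % (
                    issuer.get("commonName"), cert["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return False, explain(exc)
    except (ssl.SSLError, OSError) as exc:
        return False, "no TLS handshake: %s" % exc

if __name__ == "__main__":
    # With cafile given, only that Root CA is trusted (system CAs are not loaded).
    ctx = ssl.create_default_context(cafile=ROOT_CA_PEM)
    ok, detail = check_endpoint(BACKEND, PUBLIC_NAME, ctx)
    print("%s:%d as %s -> %s (%s)" % (
        BACKEND + (PUBLIC_NAME, "OK" if ok else "FAIL", detail)))
```

Run it once before and once after replacing the certificate on the endpoint; the result should change from a failure to "trusted" only when the new certificate chains to the Root CA and names the public host.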