, I’m trying to install my application to IBM liberty to check if it compatible or not, to start the migration process, but I have this warning message in my server.xml, however I have configured the key store entry and the SSL entry as follow, also I’m getting this error message when I try to start the application, please help me to solve this.

The enabled features require that a keyStore element and a user registry are defined in the server configuration. Use the server configuration editor to add these items.

[ERROR   ] CWWKS9113E: The SSL port is not active. The incoming http request cannot be redirected to a secure port. Check the server.xml file for configuration errors. The https port may be disabled. The keyStore element may be missing or incorrectly specified. The SSL feature may not be enabled.

Liberty has an SSL configuration that is called defaultSSLConfig and that defines the default SSL settings for both inbound and outbound SSL connections.

You have defined an SSL configuration for outbound (ssl id="SSLCeritifcate") but nothing for inbound.

Therefore Liberty will not find the required settings for the inbound. Please take a look at the link below and add the settings for defaultSSLConfig.

https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_config_ssl_outbound.html

Thank you Lars for your reply I really appreciated, I have tried to follow the link provided by you and I added to SSL one for inbound and one for outbound but still I can see the warning message and the same error, also  The feature 'transportSecurity-1.0' is not recognized.

Hi, I still cannot find any keystore definition for defaultSSLConfig. Either create an entry

<ssl keyStoreRef="LDAPKeyStore" trustStoreRef="LDAPTrustStore" />

or change your sslDefault settings from
<sslDefault outboundSSLRef="alternateSSLSettings" />
to
<sslDefault sslRef="hbeu-ADAMwas70" outboundSSLRef="alternateSSLSettings" />
to describe how your default inbound ssl is named.
https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.liberty.autogen.base.doc/ae/rwlp_config_sslDefault.html

In addition you have a blank in the id in the line <ssl id="hbeu-ADAMwas70 " keyStoreRef="LDAPKeyStore" trustStoreRef="LDAPTrustStore" />
This could also cause issues.

transportSecurity feature is available in 17002+ 

run the following command to generate the key file and a certificate 

./securityUtility createSSLCertificate --server=defaultServer --password=default  [note: if your server name is different, then change it in the command] 

in the output , you'll the config to be added to the server.xml . Added it to your server.xml

for the LDAP config ... use the following [for active directory]

Add the below features to server.xml

<feature>appSecurity-2.0</feature>
<feature>ldapRegistry-3.0</feature>

Add below config to configure Active directory connection. Dont forget to replace the variables above

<ldapRegistry id="ldap" realm="${ldap_domain}"
host="${ldap_host}" port="${ldap_port}" ignoreCase="true"
baseDN="${ldap_baseDN}"
bindDN="${ldap_bindDN}"
bindPassword="${ldap_password}"
ldapType="Microsoft Active Directory"
sslEnabled="true"
sslRef="defaultSSLConfig">
<activedFilters
userFilter="(&(sAMAccountName=%v)(objectcategory=user))"
groupFilter="(&(cn=%v)(objectcategory=group))"
userIdMap="user:sAMAccountName"
groupIdMap="*:cn"
groupMemberIdMap="memberOf:member" >
</activedFilters>

Since you are using a SSL connection to LDAP , you should trust the LDAP certificates in your liberty keystore for the SSL handshake to be successful. 

In Reply to Omar Adel:

Thank you Lars for your reply I really appreciated, I have tried to follow the link provided by you and I added to SSL one for inbound and one for outbound but still I can see the warning message and the same error, also  The feature 'transportSecurity-1.0' is not recognized.

 

Cheers

Jose

Thanks to you and Lars , I believe the LDAP integration works fine now However i have another issue where the server keep complaining about parsing my JSP page, seems that they import for my jpa entities is not working fine, however the same code is working fine on WAS 7,

Code snippet

<%@page      import="java.util.*"%>

<%@page import="com.hsbc.hbeg.hae.dao.entities.Employee"%>

<%

   response.setHeader("Cache-Control","no-cache");

response.setHeader("Pragma","no-cache");

response.setDateHeader ("Expires", 0);

Employee LoginEmployee = (Employee) request.getSession().getAttribute("LoginEmployee");

   if (LoginEmployee == null) {

       RequestDispatcher dispatcher = request.getRequestDispatcher("/pages/login.jsp");

       dispatcher.forward(request, response);

   }

   // get the direct report employees form the request scope

              List DirctRportEmps =(List) request.getSession().getAttribute("DirctRportEmps");

%>

Error :

com.ibm.ws.jsp.JspCoreException: JSPG0049E: /pages/Attendance/Attendance.jsp failed to compile : JSPG0091E: An error occurred at line: 15 in the file: /pages/Attendance/Attendance.jsp JSPG0093E: Generated servlet error from file: /pages/Attendance/Attendance.jsp C:\swdtools\IBM\WAS Liberty profile basic installation\wlp\usr\servers\newBasicServer\workarea\org.eclipse.osgi\bundles\78\data\temp\default_node\SMF_WebContainer\hbeg-hae-ear\HR_Attendance_Enquiry-1.0\pages\Attendance\_Attendance.java : 172 : Employee cannot be resolved to a type JSPG0091E

Hi, 
I am guessing only. 

try 

Employee LoginEmployee = (Employee) ( request.getSession().getAttribute("LoginEmployee"));

Balraj