IBM Z and LinuxONE - Group home

Enable secure http for HOD and HACPEE in the embedded server

HACP & HATS User Group|Sathiya Priya|Jan 5, 2023

  

Purpose of the document

This guide provides information on how to enable a Secure connection on HACPEE.

Enable HTTPS Secure connection:

1.From the HOD installation package Right-click on the Certificate management tool and select Run as administrator.

2.Create a HODServerKeyStore.jks to store a self-sign certificate.

  
  Steps to create the “HODServerKeyStore.jks”

  1. Click Key Database File and select
  2. Select the Key database type as JKS.
  3. Click Browse… and navigate to the HOD Installation directory to store this file.

          Example ‘C:\Program Files\ibm\HostOnDemand1404\bin’.

     d.Enter the File Name as ‘jks’ and click OK.


     e.The tool will prompt the user to set the password for the jks file. Enter the password and confirm password fields with the value ‘hodpwd’.
     f.The HODServerKeyStore.jks file is created in the selected location.

Steps to Create the Self-sign certificate

  1. Click New Self-Signed…
  2. Provide the Key Label as HTTPs and the Key Size as 2048.
  3. Update IP Address as Machine IP of HOD server


       iv.Click OK and extract the self-sign certificate. After Extracting, the certificate needs to add under cacerts.


    V.Now the certificate has successfully been added to the HODServerKeyStore.jks file

3.Restart the HOD Service Manager.

Import self-signed certificate in HOD client machine:

      4.Navigate to https://<HODServerIP:serverPort>/contextroot/ click certificate error   and export the browser certificate.

           Example: https://<HODServerIP>:8443/hex/

     5.Import/Install the exported browser certificate into msc (Win+R àRun) under Trusted root certificate.
     6.Clear the browser cache and restart the browser. Again, access the same HACPEE URL mentioned under step 4. Now the user can see the secure connection with the lock symbol.

To access the HACPEE Admin console:

  1. Go to HOD Product Installed location “C:\Program Files\ibm\HostOnDemand1404\hod_jre\jre\lib\security\cacerts”
  1. Open the cacerts file using the Certificate Management tool and enter the password as “changeit”.
  2. Go to Signer certificate and click Add… to add the certificate (Mentioned in Enabling HTTPS Secure connection step 2-iv) and Click OK.

  1. Open zfp_overrides.xml from the location “C:\Program Files\ibm\HostOnDemand1404\lib\config\zfp_overrides.xml”
  2. Update the “ConfigServer” param-value as HODServerIP
  3. Update the “HODWebServerPort” param-value as 8443
  4. Update the “HODWebServer” param-value as https://HODServerIP


  1. Save the file and restart the HODService Manager.
  2. Clean the cache and restart the browser.
  3. Navigate to https://<HACPEEServerIP:port>/<Contextroot>/adminconsole and Login with credentials.




    Contact us
    For further information and Lab services offerings, please write to:
    ZIO@hcl.com

    Sathiyapriya
    QA Engineer, Lab Services, IBM HACP & HATS