WebSphere Application Server & Liberty

Hello,

I'm investigating some issues with WebSphere Liberty for which I can't find clear answers yet. So I hope someone here can help with the following questions:

1. How can we set the variable wlp.password.encryption.key? Can it be set via an environment variable?
   We are wondering if we can set the Liberty variable wlp.password.encryption.key via and environment variable as well. As per the documentation it seems that this variable can only be set via files. Setting it in server.xml is discouraged but it seems that the variable should be set by importing files outside the Liberty profile tree. I have not found any info that this can be set via an environment variable (tested that and did not work for us). Is it correct that we can't set the wlp.password.encryption.key via an environment variable? I can imagine that this is done on purpose for security reasons but would seek confirmation
2. Which key-store is used by the feature utility? When using an https URL for the feature utility the connection fails (using http works fine). So we are wondering where we should add the signer certificate for the URL? We've added the signer of the URL's certificate to the JDKs cacerts file but that seems not to work? How can we debug that? 
3. We are using the images from the Container images documentation as the base images for out images. As the development team is reluctant to permanently using the latest liberty versions (despite the features being loaded are the same) we are supposed to build from a certain image for some time. Let's say we are building based on icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi. As WebSphere Liberty provides a 5 year support period with security fixes created for 2 years automatically we are wondering how this is handled with containers. For example if we use the icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi and build based on this image today  - will this contain all the security fixes for Liberty and the OS since its release in June 2022?
4. WebSphere Liberty is very flexible with its configuration by using the server.xml we are wondering if there is a way to remove and features via config files in ${server.config.dir}/configDropins/overrides/ which were added for example in ${server.config.dir}/server.xml? For example if a basicRegistry is configured in ${server.config.dir}/server.xml is there a way to remove that feature again using a configuration file in  ${server.config.dir}/configDropins/overrides/?

Thanks a lot in advance for clarifications of that, Hermann

Hello,

I'm investigating some issues with WebSphere Liberty for which I can't find clear answers yet. So I hope someone here can help with the following questions:

1. How can we set the variable wlp.password.encryption.key? Can it be set via an environment variable?
   We are wondering if we can set the Liberty variable wlp.password.encryption.key via and environment variable as well. As per the documentation it seems that this variable can only be set via files. Setting it in server.xml is discouraged but it seems that the variable should be set by importing files outside the Liberty profile tree. I have not found any info that this can be set via an environment variable (tested that and did not work for us). Is it correct that we can't set the wlp.password.encryption.key via an environment variable? I can imagine that this is done on purpose for security reasons but would seek confirmation
2. Which key-store is used by the feature utility? When using an https URL for the feature utility the connection fails (using http works fine). So we are wondering where we should add the signer certificate for the URL? We've added the signer of the URL's certificate to the JDKs cacerts file but that seems not to work? How can we debug that? 
3. We are using the images from the Container images documentation as the base images for out images. As the development team is reluctant to permanently using the latest liberty versions (despite the features being loaded are the same) we are supposed to build from a certain image for some time. Let's say we are building based on icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi. As WebSphere Liberty provides a 5 year support period with security fixes created for 2 years automatically we are wondering how this is handled with containers. For example if we use the icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi and build based on this image today  - will this contain all the security fixes for Liberty and the OS since its release in June 2022?
4. WebSphere Liberty is very flexible with its configuration by using the server.xml we are wondering if there is a way to remove and features via config files in ${server.config.dir}/configDropins/overrides/ which were added for example in ${server.config.dir}/server.xml? For example if a basicRegistry is configured in ${server.config.dir}/server.xml is there a way to remove that feature again using a configuration file in  ${server.config.dir}/configDropins/overrides/?

Thanks a lot in advance for clarifications of that, Hermann

Hello,

I'm investigating some issues with WebSphere Liberty for which I can't find clear answers yet. So I hope someone here can help with the following questions:

1. How can we set the variable wlp.password.encryption.key? Can it be set via an environment variable?
   We are wondering if we can set the Liberty variable wlp.password.encryption.key via and environment variable as well. As per the documentation it seems that this variable can only be set via files. Setting it in server.xml is discouraged but it seems that the variable should be set by importing files outside the Liberty profile tree. I have not found any info that this can be set via an environment variable (tested that and did not work for us). Is it correct that we can't set the wlp.password.encryption.key via an environment variable? I can imagine that this is done on purpose for security reasons but would seek confirmation
2. Which key-store is used by the feature utility? When using an https URL for the feature utility the connection fails (using http works fine). So we are wondering where we should add the signer certificate for the URL? We've added the signer of the URL's certificate to the JDKs cacerts file but that seems not to work? How can we debug that? 
3. We are using the images from the Container images documentation as the base images for out images. As the development team is reluctant to permanently using the latest liberty versions (despite the features being loaded are the same) we are supposed to build from a certain image for some time. Let's say we are building based on icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi. As WebSphere Liberty provides a 5 year support period with security fixes created for 2 years automatically we are wondering how this is handled with containers. For example if we use the icr.io/appcafe/open-liberty:22.0.0.6-kernel-slim-java17-openj9-ubi and build based on this image today  - will this contain all the security fixes for Liberty and the OS since its release in June 2022?
4. WebSphere Liberty is very flexible with its configuration by using the server.xml we are wondering if there is a way to remove and features via config files in ${server.config.dir}/configDropins/overrides/ which were added for example in ${server.config.dir}/server.xml? For example if a basicRegistry is configured in ${server.config.dir}/server.xml is there a way to remove that feature again using a configuration file in  ${server.config.dir}/configDropins/overrides/?

Thanks a lot in advance for clarifications of that, Hermann

------------------------------
Hermann Huebler
2innovate IT Consulting GmbH
Vienna
Austria

#IBMChampion
------------------------------