- Websphere Installation notes
- IBM Websphere SSL Installation notes
- Setting up the ULC Servlet into IBM Websphere
This section lists a few hints that may help you get started with SSL and IBM WebSphere Application Server 3.02. It is meant purely as supplementary information and is by no means a guide to installing WebSphere or SSL support.
Testing of SSL was done using the built-in SSL support in the IBM WebSphere 3.02 Advanced release; on the UIEngine (client) side the Sun JSSE 1.0.2 class libraries were used.
WebSphere Installation Notes
Install Websphere 3.02 Full Install
Follow all the install instructions for the WebSphere installation
Ensure that httpd.conf and admin.conf both contain the ServerName directive
eg:
ServerName localhost
You need at least DB2 6.1 with FixPak 2 (this was the configuration that ULC testing was done with).
Ensure that you are using IBM JDK 1.1.8 (the docs say 1.1.7a, but I could never get it to work without 1.1.8).
Note: ensure the java_home property is set to point to the JDK 1.1.8 installation.
Note: ensure that the user ID used to install WebSphere has sufficient authority to install a service, etc. I found it easier to use a single user ID/password for WebSphere, DB2 and the IBM Web server.
Ensure that the IBM Web server starts and you are able to connect to it from a webbrowser.
Ensure that ALL the DB2 services are started.
Install the sample databases and the administration repository databases (see websphere installation notes).
Start the IBM WS AdminServer service.
Start the Administrator's Console from the WebSphere folder and ensure that you are able to access and configure your WebSphere application server.
Test the Websphere server by running the WebSphere sample servlets.
IBM Webserver SSL Installation notes
Start the IKEYMAN Key Management tool.
Open an existing or Create a new Key database. (eg: key.kdb)
Stash the password for the database into a file (eg: key.sth).
Create a new Self Signed Certificate (eg: Named: RevaSoft).
Note: DO NOT enter a value in the ZIP Code field (this field is not understood by the Java keytool/keystore and will generate an exception when the certificate is imported on the client side).
Extract the certificate to a file
Browse the web server administration pages and create a Virtual Host on your test machine. (Configuration Structure->Create Scope).
Note: enter the IP address of the test machine; the port should be 443. Give your virtual host a name (e.g. test.somename.com) and ensure that this name resolves to the IP address you just specified. You can do this by adding an entry to your hosts file.
Go to The Security->Server Security section and enable the SSL Security for this virtual host.
Go to The Security->Host Authorization and enable the SSL Security for this virtual host.
Enter the name (label) of the certificate that you created earlier and add all the cipher specifications you want to use.
Apply the changes and restart your IBM Web server.
The important lines in the httpd.conf file are listed below (your configuration may differ). These are sample entries from a working WebSphere installation's httpd.conf file. Note that they are test settings, not a hardened configuration: check each SSLCipherSpec code against the IBM HTTP Server documentation and remove SSLv2, export-strength and NULL-encryption suites before exposing the server beyond a test machine.
#
ServerName localhost
#
LoadModule ibm_app_server_module f:/WebSphere/AppServer/bin/mod_ibm_app_server.dll
LoadModule ibm_ssl_module modules/IBMModuleSSL56.dll
#
AfpaEnable
#
Listen 443
#
Keyfile f:/websphere/ibmhttpserver/key.kdb
SSLV2Timeout 30
SSLV3Timeout 30
<VirtualHost 192.168.0.100:443>
ServerName revamaa-001.revasoft.com
ServerPath f:/websphere/ibmhttpserver
SSLEnable
SSLClientAuth none
SSLServerCert RevaSoft
SSLCipherSpec 22
SSLCipherSpec 24
SSLCipherSpec 26
SSLCipherSpec 30
SSLCipherSpec 31
SSLCipherSpec 32
SSLCipherSpec 33
SSLCipherSpec 39
</VirtualHost>
** End of sample entries in the httpd.conf file **
The IP address used in the VirtualHost block that responds to HTTPS must have its own hostname alias.
Edit your hosts file and add an entry, e.g.:
192.168.0.100 revamaa-001.revasoft.com
It is also important that the ServerName matches the Common Name (CN) in the certificate that the virtual host uses. After the SSL handshake JSSE compares the hostname in the URL against the certificate's CN, and a mismatch raises an SSL security exception; so always connect using that hostname, not the IP address or localhost.
From the WebSphere Administrator's Console go to the Topology page, select default_host and open the Advanced page.
In the Aliases section add your Virtual Host Name with the HTTPS port 443.
eg:
revamaa-001.revasoft.com:443
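The consistency rules in the preceding steps (the hosts entry, the VirtualHost address, the ServerName and the certificate CN must all agree) can be checked mechanically before the server is started. The following Python script is an added example, not part of the original notes or of ULC/WebSphere; the httpd.conf and hosts samples are constructed from the notes above, and the certificate subject is an assumption (the notes only give the key label RevaSoft, not the CN).

```python
"""Pre-flight check that the httpd.conf virtual host, the hosts file and the
server certificate agree, as the notes require.

Added example: not code from the original notes or from ULC/WebSphere.
The httpd.conf and hosts samples are constructed from the notes; the
certificate subject is an assumption (the notes only give the label "RevaSoft").
"""
import re
from typing import Optional

HTTPD_CONF = """\
ServerName localhost
Listen 443
Keyfile f:/websphere/ibmhttpserver/key.kdb
<VirtualHost 192.168.0.100:443>
ServerName revamaa-001.revasoft.com
SSLEnable
SSLClientAuth none
SSLServerCert RevaSoft
SSLCipherSpec 33
</VirtualHost>
"""

HOSTS_FILE = """\
127.0.0.1       localhost
192.168.0.100   revamaa-001.revasoft.com
"""

# Assumed subject of the self-signed certificate labelled "RevaSoft" in key.kdb
# (what IKEYMAN or "keytool -printcert" would show); constructed for this example.
CERT_SUBJECT = "CN=revamaa-001.revasoft.com, O=RevaSoft, C=US"


def parse_ssl_vhost(conf: str) -> Optional[dict]:
    """Return the directives of the first <VirtualHost ip:port> block, or None.

    Keys are lower-cased directive names; SSLCipherSpec lines are collected
    under "ciphers" because that directive repeats."""
    m = re.search(r"<VirtualHost\s+([\d.]+):(\d+)>(.*?)</VirtualHost>",
                  conf, re.S | re.I)
    if not m:
        return None
    vhost = {"ip": m.group(1), "port": int(m.group(2)), "ciphers": []}
    for line in m.group(3).splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        if parts[0].lower() == "sslcipherspec":
            vhost["ciphers"].append(value)
        else:
            vhost[parts[0].lower()] = value
    return vhost


def hosts_lookup(hosts: str, name: str) -> Optional[str]:
    """Resolve a name through hosts-file text; returns the IP or None."""
    for line in hosts.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in [h.lower() for h in fields[1:]]:
            return fields[0]
    return None


def cert_cn(subject: str) -> Optional[str]:
    """Pull the CN out of an X.500 subject string such as 'CN=host, O=Org'."""
    m = re.search(r"(?:^|,)\s*CN=([^,]+)", subject)
    return m.group(1).strip() if m else None


def check_ssl_setup(conf: str, hosts: str, subject: str) -> list:
    """Return a list of problems; an empty list means the three inputs agree."""
    problems = []
    vhost = parse_ssl_vhost(conf)
    if vhost is None:
        return ["no <VirtualHost ip:port> ... </VirtualHost> block in httpd.conf"]
    if not re.search(r"^\s*Listen\s+%d\s*$" % vhost["port"], conf, re.M):
        problems.append("no 'Listen %d' directive for the SSL port" % vhost["port"])
    if not re.search(r"^\s*Keyfile\s+\S", conf, re.M):
        problems.append("no Keyfile directive pointing at the .kdb key database")
    for directive in ("sslenable", "sslservercert"):
        if directive not in vhost:
            problems.append("%s missing inside the VirtualHost block" % directive)
    if not vhost["ciphers"]:
        problems.append("no SSLCipherSpec lines inside the VirtualHost block")
    name = vhost.get("servername")
    if not name:
        problems.append("ServerName missing inside the VirtualHost block")
        return problems
    ip = hosts_lookup(hosts, name)
    if ip is None:
        problems.append("%s has no hosts-file entry" % name)
    elif ip != vhost["ip"]:
        problems.append("%s resolves to %s but the VirtualHost is bound to %s"
                        % (name, ip, vhost["ip"]))
    cn = cert_cn(subject)
    if cn is None or cn.lower() != name.lower():
        # This is the mismatch that surfaces as an SSL exception in the UIEngine.
        problems.append("certificate CN %r does not match ServerName %r: "
                        "JSSE hostname verification will fail" % (cn, name))
    return problems


if __name__ == "__main__":
    issues = check_ssl_setup(HTTPD_CONF, HOSTS_FILE, CERT_SUBJECT)
    print("OK" if not issues else "\n".join(issues))
```

Replace the three constants with the contents of your real httpd.conf, hosts file and the subject shown by IKEYMAN for the server certificate; every reported problem corresponds to one of the manual checks above.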
Locate the Java Runtime Environment you are going to use (e.g. \jdk1.3\jre) and import the extracted certificate into its \jdk1.3\jre\lib\security\cacerts keystore using the following command (on one line):
keytool -keystore c:\jdk1.3\jre\lib\security\cacerts -storepass changeit -import -alias revamaa-001 -file c:\MyExtractedCertificate.arm
keytool displays the certificate and asks whether to trust it; answer yes, then list the keystore (keytool -list with the same -keystore and -storepass options) and confirm that the revamaa-001 alias is present. Note that this makes the self-signed certificate a trust anchor for every Java program run with that JRE, and changeit is the well-known default password. That is acceptable on a test machine; anywhere else, import the certificate into a dedicated keystore and point the UIEngine at it with the javax.net.ssl.trustStore system property rather than modifying cacerts.
Edit the \jdk1.3\jre\lib\security\java.security file and add the JSSE Provider classes to the list of security providers as described in the JSSE installation notes.
eg:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
Verify that the WebSphere server is responding to https requests by running some of the sample servlets.
eg:
https://revamaa-001.revasoft.com/servlet/hello
If all the above works you are now ready to setup the ULCServlet.
Setting up the ULCServlet into IBM Websphere
The ULCServlet is a generic servlet that is used to run all ULC sample applications as servlets.
From the Administrators Console go to The Topology page and expand the Default Server->servletEngine tree
Select the servletEngine entry and from your popup menu choose Create a new "Web Application".
Enter ULC as your web application name, enter /ulc/ as the web application path, and leave the virtual host as default_host.
Now select this ULC web application and from the popup menu choose "Create Servlet"
Enter UlcServlet as the servlet name and com.revasoft.ulc.http.UlcServlet as the class name
Click the Add button to add a Servlet Web Path List and enter /ulc/servlet/com.revasoft.ulc.http.UlcServlet
From the advanced page choose the option Load on Startup: true
Complete the servlet creation process by clicking the Create button
Ensure the default server is running and that you have followed the steps to install the HTTP tunnelling code into your ULC release as well as the JSSE class libraries.
IMPORTANT: ensure that the UlcTransport.properties file used on the web server side as well as on the UIEngine is the updated properties file, which contains the entries for both the http and https protocols.
Install the ULC sample applications (eg Dossier) into the ULC web application directory
From the ULC UIEngine\bin directory execute the following command
run -url http://localhost:80/com.ibm.ulc.examples.Dossier.Dossier
If the above works you can then test https connectivity
eg:
https://revamaa-001.revasoft.com:443/com.ibm.ulc.examples.Dossier.Dossier
or
https://revamaa-001.revasoft.com/com.ibm.ulc.examples.Dossier.Dossier
(since 443 is the default port for https)
The Dossier sample should start running and if the ORBMonitor was enabled the connection label should indicate that it is a https connection.
If for any reason the sample does not start running check the IBM WebSphere server error.log as well as the UIEngine console for any exceptions that may have been thrown during the SSL handshaking.
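To tell a server-side problem from a trust-store or hostname problem, it helps to reproduce the UIEngine's connection outside of ULC. The following Python probe is an added example, not code from the original notes or from ULC/WebSphere: it performs certificate validation and hostname verification against the extracted certificate only (not the JRE-wide cacerts file), reports the negotiated protocol and cipher, and classifies a failed handshake. The default URL and the path c:/MyExtractedCertificate.arm are assumptions, as is that the .arm export is the Base64 (PEM) format.

```python
"""HTTPS probe for the servlet host, independent of the UIEngine.

Added example: not code from the original notes or from ULC/WebSphere. It does
what the UIEngine must do on connect (validate the server certificate and
verify the hostname) but trusts only the certificate extracted from IKEYMAN,
not the JRE-wide cacerts file, and names which check failed. The default URL
and certificate path are assumptions; the .arm file is assumed to be the
Base64 (PEM) export.
"""
import http.client
import ssl
import sys
from urllib.parse import urlsplit


def make_context(ca_file: str) -> ssl.SSLContext:
    """Trust exactly one certificate file; certificate and hostname checks stay on."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def classify_failure(exc: BaseException) -> str:
    """Map an exception from connect/handshake to the failure modes in the notes."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        # OpenSSL X509 verify codes: 62 hostname mismatch (ServerName/CN disagree),
        # 18/19 self-signed certificate not in the trust store, 10 certificate expired.
        if code == 62:
            return "hostname-mismatch"
        if code in (18, 19):
            return "untrusted-certificate"
        if code == 10:
            return "certificate-expired"
        return "certificate-verify-failed"
    if isinstance(exc, ssl.SSLError):
        return "handshake-failed"       # e.g. no cipher suite or protocol in common
    if isinstance(exc, FileNotFoundError):
        return "trust-store-missing"    # the extracted certificate file was not found
    if isinstance(exc, OSError):
        return "connection-failed"      # refused, timed out, no route
    return "unexpected: %s" % type(exc).__name__


def probe(url: str, ca_file: str, timeout: float = 10.0) -> dict:
    """GET the URL over TLS and report status, protocol and cipher, or the failure."""
    parts = urlsplit(url)
    conn = None
    try:
        ctx = make_context(ca_file)
        conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                           context=ctx, timeout=timeout)
        # Connect explicitly so the negotiated cipher can be read from the
        # socket before the response (which may close the connection) is fetched.
        conn.connect()
        name, proto, bits = conn.sock.cipher()
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        resp.read()
        return {"ok": True, "status": resp.status, "protocol": proto,
                "cipher": name, "bits": bits}
    except Exception as exc:
        return {"ok": False, "failure": classify_failure(exc), "detail": str(exc)}
    finally:
        if conn is not None:
            conn.close()


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "https://revamaa-001.revasoft.com/servlet/hello"
    ca = sys.argv[2] if len(sys.argv) > 2 else "c:/MyExtractedCertificate.arm"
    print(probe(url, ca))
```

A hostname-mismatch result points at the ServerName/CN problem described in the SSL installation notes; untrusted-certificate means the wrong file, or the wrong certificate, was extracted from the key database. A current OpenSSL build may refuse to negotiate with a server that offers only SSLv2/SSLv3 (or TLS 1.0) cipher suites; that surfaces as handshake-failed rather than as a certificate problem.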