Enable SSL between WebServer (plugin-in) and the WebSphere Application Server

To setup a new SSL-Connection between a IBM HTTP Server (IHS) and your WebSphere Application Server (6.1) a (self-signed) CA SSL certificate has to be propageted to all involved servers.

When setting up a IHS via the administrative console SSL between IHS and WebSphere AppServer should be enabled by default.

1. First take a look at your plugin-cfg.xml of your IHS installation and search for the entry <Property Name="keyring"...>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="server1_testNodeoglxanclatest32Bit_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
<Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="testNodeoglxanclatest32Bit_server1" ServerIOTimeout="0" WaitForContinue="false">
<Transport Hostname="oglxanclatest" Port="9080" Protocol="http"/>
<Transport Hostname="oglxanclatest" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/HTTP/Plugins/config/test-webserver/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/HTTP/Plugins/config/test-webserver/plugin-key.sth"/>
</Transport>
</Server>
</ServerCluster>

This tags defines the location of the Key-Database for the secure connection between your IHS and your AppServer.
2. In administrative console of WebSphere go to Servers > WebServers > "your webserver" > Plugin-in properties


On this page all necessary entries should be done automatically. To re-copy the default plugin-in.key to your IHS press "Copy to Webserver key store directory".
3. Restart your IHS
###############################################################
To manually setup SSL between IHS and WebSphere first locate the plugin-key.kdb on your AppServer. Than copy over the plugin-key.kdb to the IHS into the specified location (get location form picture above). Then edit the plugin-cfg.xml of the IHS (see tag from step 1). Then restart your IHS and your WebSphere instance.