Enable SSL communications

To create the new SSL-enabled port, you must:

Create a new keystore and a new truststore

Create a new keystore and a new truststore starting from the ones delivered with Datastore and located in the [Install_Path]/AIS/Tools/config/certs distribution directory:

Repeat the steps above to create a new keystore and a new truststore. Use the truststore found in [Install_Path]/AIS/Tools/config/certs/truststorePassPort.jks.

Create a new SSL configuration

Create a new SSL configuration using the previously created keystore and truststore:

  1. Go to the SSL certificate and key management screen as explained in the previous step.
  2. In the Related Items section, click SSL configurations.
  3. The SSL configurations screen is displayed.
  4. Click New.
  5. Fill in the form in the General Properties section and click Apply. For example:
    • Name: DatastoreSSLConfig
    • Trust store name: DatastoreTrustStore ((cell):ITEM-A20698Node02Cell:(node):ITEM-A20698Node02:(server):server1)
    • Keystore name: DatastoreKeyStore ((cell):ITEM-A20698Node02Cell:(node):ITEM-A20698Node02:(server):server1)
    • Default server certificate alias: tomcat
    • Default client certificate alias: tomcat
    • Management scope: (cell):ITEM-A20698Node02Cell:(node):ITEM-A20698Node02:(server):server1

Create a new Web container transport chain.

  1. In the Integrated Solutions Console, from the left side menu, select Servers > Server Types > WebSphere application servers.
  2. In the Application servers screen, click server1.
  3. In the Configuration tab for server1, go to the Container Settings section and select Web Container Settings > Web container transport chains.
  4. In the Web container transport chains screen, click New.
  5. In the Create New Transport Chain screen:
    1. In the Select a transport chain template screen, enter the values below and click Next:
      • Transport chain name: DatastoreSSLTransportChain
      • Transport chain template: WebContainer-Secure(templates/chains|webcontainer-chains.xml#Chain_2)
    2. In the Select a port screen, select Create a new port, enter the values below and click Next:
      • Port name: DatastoreSSLPort
      • Host: *
      • Port: 9776
    3. Click Finish to confirm the new transport chain creation.
    4. In the Web container transport chains screen, select the transport chain you just created to configure it.
    5. In the General Properties section of the Configuration screen, go to Transport Channels and click SSL inbound channel (SSL 4).
    6. The Configuration screen of the channel is displayed.
    7. In the SSL Configuration section, select Specific to this endpoint.
    8. Select the SSL Configuration from the drop-down list: DatastoreSSLConfig.
    9. Click Apply.

Add the new SSL enabled port to the virtual host.

  1. In the Integrated Solutions Console, from the left side menu, select Environment > Virtual hosts.
  2. In the Virtual hosts screen, select default host.
  3. The default host Configuration screen is displayed.
  4. In the Additional Properties section, click Host Aliases.
  5. In the Host Aliases screen, click New.
  6. In the new host Configuration screen, enter the values listed below and click Apply.
    • Host name: *
    • Port: 9776
  7. Restart the server.
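
To confirm after the restart that port 9776 serves the certificate stored under the tomcat alias in the new keystore, a check such as the following can be run from a client machine. It is an added example, not part of the Datastore documentation; the function names, the TLS 1.2 minimum and the sample bytes are assumptions, and the expected fingerprint is the SHA-256 value that keytool -list -v prints for the alias.

```python
import hashlib
import socket
import ssl
import sys

ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")  # assumed policy, not from the page
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"  # constructed


def fetch_endpoint(host, port=9776, timeout=5.0):
    """Handshake with the new port; return (protocol, server cert as DER)."""
    ctx = ssl.create_default_context()
    # Chain validation is off for inspection only: the certificate may come
    # from a private CA. Identity is checked by fingerprint in evaluate().
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 of the DER certificate, lowercase hex without separators."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp):
    """Accept keytool style 'AB:CD:...' as well as plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def evaluate(protocol, der, expected_fp):
    """Return a list of findings; an empty list means the port looks right."""
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append("negotiated protocol %s is below TLS 1.2" % protocol)
    if fingerprint(der) != normalize(expected_fp):
        findings.append("served certificate is not the expected keystore entry")
    return findings


if __name__ == "__main__":
    # usage: python check_port.py <host> <expected SHA-256 fingerprint>
    host, expected = sys.argv[1], sys.argv[2]
    proto, der = fetch_endpoint(host)
    problems = evaluate(proto, der, expected)
    for p in problems:
        print("FAIL:", p)
    print("OK" if not problems else "%d problem(s)" % len(problems))
    sys.exit(1 if problems else 0)
```

A mismatch usually means the SSL inbound channel is still using the default SSL configuration instead of DatastoreSSLConfig, or that the server was not restarted.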
