Enable SSL

 


 

Overview

The connect.cfg setting UseSSL controls the use of SSL in Web Content Management (WCM). If the value for this setting is false, SSL support is not used. The default value is true, which allows sites to be browsed over HTTPS through a WCM proxy. No changes to business logic code should be needed, because the HTTPConnector automatically uses HTTPS when required.

WCM uses the IBMJSSE SSL provider that comes with WebSphere by default. To configure another SSL provider, add optional settings to connect.cfg. After configuring WebSphere to work with your new SSL provider, modify or add the following lines, specifying the new SSL provider class name and HTTPS URL handler respectively.

<UseSSL value=true />
<SSLProviderClassName value=com.ibm.jsse.IBMJSSEProvider />
<SSLProtocolHandlerPkgs value=com.ibm.net.ssl.internal.www.protocol />

You will be able to test your configuration by using a WCM solution as a proxy and browsing sites that use HTTPS and valid certificates. A few to try are:

  • https://www.verisign.com
  • https://www.thawte.com

To try these sites through a WCM solution, use URLs like the following:

  • http://[HOST]:[PORT]/wps/wcm/connect?MOD=Web&SRV=HTML&ACTION=https://www.verisign.com/
  • http://[HOST]:[PORT]/wps/wcm/connect?MOD=Web&SRV=HTML&ACTION=https://www.thawte.com/

 

Certificates

By default, JSSE (and thus a WCM solution) will only accept valid certificates signed by VeriSign and Thawte. To accept certificates signed by other CAs, add that CA certificate to your list of CA certificates so that a valid CA certification chain can be established.

To do this, use the program keytool, provided with the JRE and JDK. Keytool is an application for the management of certificates, and can be used to add CA certificates to the store of valid CA certificates, as well as add trusted certificates to the keystore being used to keep valid, trusted certificates.

If the certificate for a web site that is accessed using a WCM solution is not valid, you will get an SSLException thrown with the message "untrusted server cert chain".
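The keytool import described above, as an added example that is not part of the IBM documentation. It assumes keytool from a current JDK (one that prints a SHA256 fingerprint line); the certificate file, alias, truststore path and password are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin a CA certificate by fingerprint before trusting it.
# All file names, aliases and passwords passed in are placeholders.

# cert_sha256 <cert-file>
# Prints the SHA-256 fingerprint as keytool reports it (colon-separated hex).
cert_sha256() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_ca <cert-file> <expected-sha256> <alias> <truststore> <storepass>
# Imports the CA certificate only if its fingerprint matches the value
# obtained from the CA out of band and the alias is not already in use.
# Returns 0 on success, 1 on fingerprint mismatch, 2 if the alias exists.
import_ca() {
    cert=$1
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')   # accept lowercase hex
    ca_alias=$3
    store=$4
    pass=$5
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert: got '$actual'" >&2
        return 1
    fi
    # Never silently replace an existing trust anchor.
    if [ -f "$store" ] && keytool -list -alias "$ca_alias" \
            -keystore "$store" -storepass "$pass" >/dev/null 2>&1; then
        echo "alias '$ca_alias' already exists in $store" >&2
        return 2
    fi
    # -noprompt is acceptable here because the fingerprint was checked above.
    keytool -import -noprompt -trustcacerts -alias "$ca_alias" \
        -file "$cert" -keystore "$store" -storepass "$pass"
}

# ca_trusted <alias> <truststore> <storepass>
# Succeeds if the alias is present as a trusted certificate entry.
ca_trusted() {
    keytool -list -alias "$1" -keystore "$2" -storepass "$3" 2>/dev/null |
        grep -q 'trustedCertEntry'
}
```

A password given with -storepass is visible to other local users in the process list; when running keytool by hand, omit the option so that keytool prompts for it.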

 

SSL Troubleshooting

Front-end Issues

You may also need to check the configuration of your web server to ensure that it is SSL-enabled.

Viewing images in secured SSL sites through containment

To be able to view images in secured SSL sites through containment, the requested server needs to be trusted by the requesting WCM server. To do so, the requesting server needs to import the certification key of the requested server into the Java security key file. Refer to the WebSphere Application Server Information Center for information on containment and SSL certification.



IBM Workplace WCM - V5.1.0.1 -

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.