how to generate new SSL certificate in websphere application server liberty v. 8.5.5.0

I am just looking for some information. I want to enable ssl and https redirect on (some basic security so I can expose the appCenter and apps for testing):

WebSphere Application Server Liberty v. 8.5.5.0, Windows Server 2008 R2, Java version 1.7.0_71 64bit

What I did: installed Eclipse + MobileFirst Studio, then WebSphere Application Server Liberty v. 8.5.5.0, then the MobileFirst Platform Server. I read the guide here and the security utility guide. These guides are quite limited and I am very new to WebSphere. I have questions about how to remove the existing certificate and generate a new self-signed one successfully.

I would just like to see a more complete example; some of the related posts here refer to configuring the web.xml but it's not in the documentation. Can anyone point me to a fuller example that shows how enabling ssl and https redirect are set up? My end goal is that accessing the appCenter uses ssl and https redirect. Thanks

asked Dec 11, 2014 at 17:31

1 Answer

I'll try to answer your question in parts, as it is quite broad.

Enabling SSL

To enable ssl in the Liberty profile the easiest is to use WDT (WebSphere Developer Tools) in Eclipse. In the Servers view right click the server and select Utilities > Create SSL Certificate. It will:

<featureManager>
    <feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="encodedPassword" />

securityUtility command (http://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/rwlp_command_securityutil.html?lang=en):

securityUtility createSSLCertificate --server=myserver --password=mypassword --validity=365 --subject=CN=mycompany,O=myOrg,C=myCountry 

After modifying server.xml your Liberty is enabled for SSL on 9443:

https://localhost:9443/

Customizing SSL certificate

C:\Java\jdk1.7.0_67\bin>keytool -genkeypair -alias myCert -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  liberty
What is the name of your organizational unit?
  [Unknown]:  test
What is the name of your organization?
  [Unknown]:  gas
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=liberty, OU=test, O=gas, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <myCert>
        (RETURN if same as keystore password):
Re-enter new password:

Whatever method you will use to create new keystore and self-sign cert, update keyStore definition in server.xml

Redirection to SSL

By default any unconfigured application will be available over http and https.
If you want to force application to use SSL you will need to create/modify web.xml file for that application. Add the following to your web.xml:

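<security-constraint>
    <display-name>allApp</display-name>
    <web-resource-collection>
        <web-resource-name>allresources</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>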

And you have to enable application security by adding the following to server.xml:

<featureManager>
    <feature>appSecurity-2.0</feature>
</featureManager>

You're done. You have SSL enabled for your server and redirection for given app.
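An offline check of the two files this answer edits, as an added example that is not part of the original answer or of IBM's tooling: it parses server.xml and web.xml and reports what is still missing for the HTTPS redirect. The function names and the sample XML are constructed for illustration; to check a real server, pass the contents of your own files to `audit`.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs that mirror the snippets in the answer above.
SERVER_XML = """<server>
  <featureManager>
    <feature>ssl-1.0</feature>
    <feature>appSecurity-2.0</feature>
  </featureManager>
  <keyStore id="defaultKeyStore" password="encodedPassword" />
</server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>allresources</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def find_all(root, name):
    """Match elements by local name so a namespaced web.xml also works."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(root, name):
    return {(e.text or "").strip() for e in find_all(root, name)}

def audit(server_xml, web_xml):
    """Return findings; an empty list means the setup from the answer is complete."""
    findings = []
    server = ET.fromstring(server_xml)
    enabled = {f.lower() for f in texts(server, "feature")}
    for needed in ("ssl-1.0", "appSecurity-2.0"):
        if needed.lower() not in enabled:
            findings.append(f"server.xml: feature {needed} is not enabled")
    if not find_all(server, "keyStore"):
        findings.append("server.xml: no keyStore element")
    forced = set()
    for sc in find_all(ET.fromstring(web_xml), "security-constraint"):
        secure = "CONFIDENTIAL" in texts(sc, "transport-guarantee")
        for coll in find_all(sc, "web-resource-collection"):
            # A collection that lists http-method covers only those methods.
            if secure and not find_all(coll, "http-method"):
                forced |= texts(coll, "url-pattern")
    if "/*" not in forced:
        findings.append("web.xml: /* is not forced to HTTPS (no CONFIDENTIAL constraint)")
    return findings
```

The check only covers the `/*` pattern used in the answer; an application that protects narrower URL patterns needs its own list of expected patterns.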