Monday, 11 August 2014

Configure a Self-Signed SSL Certificate with WebSphere Application Server


Hi everyone,

As part of a security baseline, it is always recommended not to use the default SSL certificate for WebSphere Application Server, because the default certificate displays the host name of your server. So here we create a self-signed certificate and configure it. It is a very simple task in the case of WebSphere Application Server.

Before configuring SSL with WebSphere, we need to know the basics of SSL.

What is SSL?  

SSL is an acronym for Secure Sockets Layer. The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

To learn more about SSL, see https://calomel.org/ssl_certs.html

Procedure :


There are different methods to complete this task, but I always follow the sequence below.

1.      Creating SSL keystore and SSL certificate for an application server.
2.      Creating SSL Configuration using new certificate
3.      Configuring SSL Configuration and SSL certificate.
4.      Configuring a browser to work with certificates.

Creating SSL keystore and SSL certificate for an application server.
A Java KeyStore (JKS) is a repository of security certificates, either authorization certificates or public key certificates, used for instance in SSL encryption.

Procedure:

1. Navigate to Security > SSL certificate and key management > Key stores and certificates > in KeyStore Usages select SSL KeyStore and click on New.


2. Enter the data in the following fields, e.g.:
Name: TestKey
Path: $WAS_HOME/profiles/AppSrv01/etc/TestKey.jks
Type: JKS
Click on Apply and save.



  
3. Once you have created a keystore, create an SSL certificate. To do that, navigate to
SSL certificate and key management > Key stores and certificates > TestKey > Personal certificates, then click on Create Self-Signed Certificate.


4. Fill in all required fields, e.g.:
Alias name: TestCertificate (the alias identifies the certificate request in the keystore).
Common name: TestCertificate (this value is the CN value in the certificate distinguished name (DN)).
Validity period: the default validity period value is 365 days.


 Click on Apply and save.






Creating SSL Configuration using new certificate

1. To create a new SSL configuration, navigate to SSL certificate and key management > SSL configurations and click New.



2. On the following screen, enter the following information:
Name: TestCertificate
Trust Store Name: TestKeyStore
Key Store Name: TestKeyStore
Then click on Get Certificate Aliases.
Then click on Apply and save.

   
Configuring SSL Configuration and SSL certificate.

1. Navigate to Servers > WebSphere Application Server > Server1 > Web Container Setting > Web Container


2.     Click on WCInboundDefaultSecure > SSL inbound channel (SSL_2)

3.     In SSL configuration select the TestCertificate.


4.     Click on Apply and Save.
5. Repeat steps 1 to 4 for WCInboundAdminSecure.

6. Restart the server to activate the changes.

We are now done with everything required for the SSL configuration. One thing is left: configuring the web browser to use the new certificate. For that, follow the steps below.

Configuring a browser to work with certificates

After configuring SSL on WebSphere Application Server, perform the following steps to configure the browser.

1. When you open the WAS administration console in Internet Explorer, you will get the following screen. Click on Certificate Error and then on View Certificates to get the certificate details.

  
2. This is the new SSL certificate which we created and configured.



3. Click on Install Certificate to install it on your system as a trusted certificate, and then click Next.



4. In the Certificate Store wizard, select the store and click Next.




5. Click on Finish and you will get the message "The import was successful".


6.  Now navigate to Tools>Internet Options>Content>Certificates and check for your certificate name in Internet Explorer.


And here we are done with the installation of TestCertificate on your current system.

8. Click Tools > Internet Options > Advanced. Scroll down and clear the Warn about certificate address mismatch check box. Click OK. Close Internet Explorer.


9. Now open a new tab and try to access the WAS administration console, and you will get the following output.



Hope this will work for you also.
“Effort only fully releases its reward after a person refuses to quit.”
Regards,
Akhilesh B. Humbe

Wednesday, 6 August 2014

Configure Java VisualVM with Websphere Application Server


Hi everyone,

Since Version 1.5, Sun’s JDK includes a nice profiling tool called VisualVM, intended to be used by developers, sysadmins and any person that needs to troubleshoot and profile memory consumption in Java applications and servers.  To run it, just execute the file jvisualvm located in $JAVA_HOME/bin. With VisualVM you can:

1. Monitor heap usage
2. Monitor CPU usage
3. Monitor threads
4. Initiate garbage collections
5. Profile CPU and memory
6. And more…


Profiling local applications is pretty easy: you only need to start VisualVM and it will detect all Java-based applications, so you can see the Heap/PermGen usage, the number of threads used, the classes loaded by the class loader and other information. It can also be used to monitor IBM JVMs. However, VisualVM is not able to connect to the IBM JVM locally; JMX must be used instead. To enable JMX monitoring on the IBM JVM, follow the procedure below.

Procedure:


From Websphere Application Server Side:

On the admin console, click on Servers->Server types->WebSphere application servers->server1->Process definition->Java Virtual Machine and add the following line to the Generic JVM arguments field (note that the first system property is set to an empty value and the second system property has no equal sign):


-Djavax.management.builder.initial= -Dcom.sun.management.jmxremote




Add or uncomment the following three lines in file WAS_HOME/java/jre/lib/management/management.properties

com.sun.management.jmxremote.port=1099

com.sun.management.jmxremote.authenticate=false

com.sun.management.jmxremote.ssl=false

com.sun.management.jmxremote.local.only=false
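
The four lines above switch off authentication and TLS on the JMX connector and let it accept connections from other hosts, so they are worth checking for on any server where monitoring was set up this way. The following is an added example, not part of the original post: it parses management.properties text and reports those settings. The sample file contents are constructed, and the script assumes that an absent or commented-out property keeps its protective default of true.

```python
import re

# Properties from the post; any value other than "true" turns the protection off
# (assumption: the JVM parses them the way Java's Boolean.parseBoolean does).
CHECKS = {
    "com.sun.management.jmxremote.authenticate":
        "no credentials required to use the JMX connector",
    "com.sun.management.jmxremote.ssl":
        "JMX traffic is not protected by TLS",
    "com.sun.management.jmxremote.local.only":
        "connector accepts connections from other hosts",
}

def parse_properties(text):
    """Parse Java .properties text into a dict (later keys win)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit_jmx(text):
    """Return [(property, value, risk)] for weakened JMX remote settings."""
    props = parse_properties(text)
    return [(key, props[key], risk) for key, risk in CHECKS.items()
            if key in props and props[key].lower() != "true"]

# Constructed sample: the four lines shown in the post.
POST_CONFIG = """\
com.sun.management.jmxremote.port=1099
com.sun.management.jmxremote.authenticate=false
com.sun.management.jmxremote.ssl=false
com.sun.management.jmxremote.local.only=false
"""

# Constructed sample: weak lines commented out or set back to true.
REVIEWED_CONFIG = """\
com.sun.management.jmxremote.port=1099
# com.sun.management.jmxremote.authenticate=false
com.sun.management.jmxremote.ssl = true
com.sun.management.jmxremote.local.only: TRUE
"""

if __name__ == "__main__":
    for key, value, risk in audit_jmx(POST_CONFIG):
        print(f"{key}={value}: {risk}")
```
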

From Java  VisualVM Side:

Go to JAVA_HOME/bin and execute the following command:

jvisualvm.exe



Right-click on Local and click on Add JMX Connection.



Insert the JMX port which we mentioned earlier in the management.properties file, i.e. 1099.



Double-click on the newly added JMX connection, i.e. localhost:1099, and the monitoring console becomes available.


We can use the different tabs for monitoring different areas.


“Effort only fully releases its reward after a person refuses to quit.”
Regards,
Akhilesh B. Humbe
 
