Disable SSL on WebSphere Application Server

Is there a way to disable SSL on WAS? So you can just log on using a username and password. That isn't tied to disabling the Global Security?
Cheers

First of all, the login part of the application has nothing to do with the protocol you use to reach your application, e.g. you can use a login dialog (forms, http auth... etc), with 'normal' http or http over SSL (SSL being preferred if the app is not in-house use only, even if it is, I would think about using SSL).
In WebSphere you deploy your application on a Virtual Host. A virtual host is a collection of host names and ports (called host aliases) from which your application should be reachable. So to get the behaviour you want, I would create a new virtual host (description is for the WebSphere Admin Console Application in 6.1):
Environment > Virtual Host > New
Give it a descriptive name, like http_only. Afterwards you do:
Environment > Virtual Host > http_only > Host Aliases > New
There you add a host name or an asterisk ('*', without the quotes) and a port number (in this case the port for http). Next is changing the virtual host your application is bound on:
Applications > Enterprise Applications > app_name > Virtual hosts
There are dropdown boxes you can choose the virtual hosts from. After that and a save, the app should be reachable only over http.

Related

How to change the "cn" value to IP address instead of localhost in websphere Application server

I am trying to set up a client-server EJB using two different machines on my network. While installing the WAS server, it prompted me to add admin credentials, so LTPA is enabled (hope it enabled SSL). Now on the client EJB deployed WAS server I have to configure the outbound IIOP SSL certificate (correct me if I am wrong on this). But unfortunately, in the server WAS admin console I can see the SSL Signer certificate's cn (Host/domain) parameter as localhost. The same "localhost" is arriving when I try to "retrieve from port" in the client EJB WAS server.
I have attached the "Retrieve from port" screenshot
Client WAS retrieve from port action
Even I have tried changing the hostname in the server WAS under the Server-> Communications -> Port to IP address instead of localhost.
I expect it should bring domainname.ipaddress
"Retrieve from port" action always brings "localhost" from the remote server
As per the comment by #Gas, I am following this below link
https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_sslreplacecell.html
will update in short

How to set up SSL on WildFly 9 Domain Mode?

I currently have a WildFly 9 cluster up and running with access to my application over port 8080, I would like to set up SSL and have access only on port 8443, but I cannot seem to find any documentation for where the security realm and https listener are placed in Domain mode.
I have the keystore and certificate all set up and was able to get https working in a demo using standalone mode, but I need to be able to do it in domain mode.
Can anyone help me out and share how they've accomplished this?
Solved it! It turns out for some reason JBoss was not registering my Security Realm and HTTPS listener. To do this you need to use bin/jboss-cli and the commands:
RUN THE "CONNECT" COMMAND FIRST
/host=master/core-service=management/security-realm=SSLRealm/:add()
---where SSLRealm is the name of the realm
/host=master/core-service=management/security-realm=SSLRealm/server-identity=ssl/:add(keystore-path=Keystore.jks, keystore-relative-to=jboss.domain.config.dir, keystore-password=password)
---this assumes the keystore lives in the domain/configuration directory
Restart the server.
I then ran into issues figuring out the command to register the HTTPS listener, but I found the WildFly web console at serverURL:9990 has a way to do it too:
Once logged in to the webconsole
Configuration->Profiles->for each profile which is used->Undertow->HTTP->View
From there
HTTP Server->default-server->view
Finally
HTTPS Listener->ADD enter a name like: default-https, Security Realm: the name chosen for the security realm (for this example SSLRealm), Socket Binding: https and click save
Restart again
You should now have access at your serversURL:8443
To set it up on slave servers you should only need to copy the keystore to each slave server's domain/configuration and then add the security realm, replacing /host=master/ with /host=slave/ in the command. And then restart the server.
Double check the domain.xml file on the slave has the https listener you created originally in the webconsole (it should automatically be put into all of the cluster's domain.xml files)
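The closing advice above, to confirm that domain.xml carries the HTTPS listener, can be checked mechanically. This added example (not code from the original answer) parses a constructed domain.xml fragment and reports, per profile, a missing https-listener, a listener bound to a realm other than SSLRealm, and any plain http-listener still present; the profile names and namespace versions in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

UNDERTOW_NS = "{urn:jboss:domain:undertow:"  # version suffix varies by release
# Constructed, trimmed domain.xml; namespace versions are assumptions.
SAMPLE_DOMAIN_XML = """\
<domain xmlns="urn:jboss:domain:3.0"><profiles>
  <profile name="ha">
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
      <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <https-listener name="default-https" socket-binding="https" security-realm="SSLRealm"/>
      </server>
    </subsystem>
  </profile>
  <profile name="full-ha">
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
      <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
      </server>
    </subsystem>
  </profile>
</profiles></domain>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_listeners(xml_text, realm="SSLRealm"):
    """Map each profile name to findings about its Undertow listeners."""
    report = {}
    for profile in ET.fromstring(xml_text).iter():
        if local(profile.tag) != "profile":
            continue
        findings = report.setdefault(profile.get("name"), [])
        for server in profile.iter():
            if not (server.tag.startswith(UNDERTOW_NS) and local(server.tag) == "server"):
                continue
            https = [c for c in server if local(c.tag) == "https-listener"]
            if not https:
                findings.append(f"{server.get('name')}: no https-listener")
            for lis in https:
                if lis.get("security-realm") != realm:
                    findings.append(f"{lis.get('name')}: security-realm is not {realm}")
            for lis in server:
                if local(lis.tag) == "http-listener":
                    findings.append(f"{lis.get('name')}: plain http-listener present")
    return report
print(audit_listeners(SAMPLE_DOMAIN_XML))
```

Run it against the domain.xml copied from each host by passing the file's text to audit_listeners(); an empty list for a profile means HTTPS is configured with the expected realm and no plain HTTP listener remains.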

multiple web servers/services on a single host machine... sharing an ssl cert?

We're developing a C#/.NET WCF web service that needs be installed on an (enterprise) customer's machine, which may or may not have Apache/IIS running as well.
Communication with our service has to be secured with SSL, but what if the existing Apache/IIS is already using an SSL cert for this address? Can we share it since the host is the same?
For example:
Host: sasquatch.ourcustomer.com
Their existing stuff: Apache or IIS is running on port 80
Our newly installed stuff: Our service is running on port 9999
If Apache/IIS has its own cert, should/can we use it too?
If not, what should we do?
A certificate identifies a host and not a service. It is independent from the port you use or the application providing the service. If you have multiple services on the same host it is still the same host, so you can use the same certificate.

How do I connect to a localhost service from a hyper-v VM?

I have a WCF service running on "http://localhost:12345/ServiceName". I also have a VM running under hyper-v in Windows 8 public beta. Is there any way that I can connect to this service from the VM? I can't seem to set up a bridged network connection in the hyper-v manager. An alternative would be for the WCF service to bind to the Win8 machine name or IP, but I don't know how I would find out what that endpoint is from the VM side. The WCF service can be changed in any way needed...
Any help would be much appreciated!
Many thanks,
Jon
Not sure this will work with a Windows VM, but I managed to open host's URL from inside an Ubuntu VM:
On Host disable the Firewall or add a rule to allow connections to the respective port (12345 in your case).
On VM edit /etc/hosts, replace 127.0.0.1 localhost with IP_OF_HOST localhost.
Now http://localhost:12345/ServiceName should open from inside the VM.
You can create a Virtual Switch in Hyper-V (Virtual Switch Manager). Then you can connect it to your VM (right click on VM -> Settings -> create Legacy network adapter -> connect the above virtual switch to it). After that you should install integration to Hyper-V for your OS in the VM. Then you can connect to your virtual switch in your VM. After that you can access the internet as well, if your host machine has it. Type your host machine's IP address in the web browser and you can access any service on the host machine.
You also need to run as admin on the host machine command shell netsh http add urlacl url=http://*:12345/ user=Everyone where 12345 is the port number of your service.

IIS 7 Site using HTTPS not Accessible from Outside Internet (is accessible from intranet)

I am trying to set up an HTTPS site on IIS 7. I have added the certificate, set up the appropriate bindings and the site is accessible from within my company's intranet, however no one from the outside internet can access it. I have a 1:1 NAT forward set up for port 443 that should route requests to the IP address for my server. I have the same situation for port 80 and don't have any issues with http sites being accessible.
Any suggestions for what I might be missing here?
UPDATE:
As it turns out, the company that manages my company's firewall had added the exception for https and 443, and the correct routing, but hadn't added an exception for the process that handles https.
For starters, from outside, use telnet to see if you can even get to the port from outside:
telnet <host name or ip> 443
Note the space before the port.
If the telnet screen goes fully black, with the cursor in the top left, you can connect, so it is an IIS issue.
If telnet just sits there, it is trying to connect but can't. It may finally throw "connection refused" or "could not connect." This means the problem is on the physical firewall (which needs the inbound path opened) or on the IIS server itself (in its firewall or IIS config).
In this case, next step:
Do the telnet operation on the IIS server itself, and from the same network as IIS (e.g. not through the firewall).
-- If this works: The problem is the network firewall config
-- If this does not work, you need to check the firewall on the IIS server itself (the Windows firewall), and the IIS config itself
Note, on Windows 7 and Vista, telnet may not be present out of the box. Google how to enable it.
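The telnet procedure above as an added script (not part of the original answer): probe() classifies one TCP connection attempt and diagnose() applies the answer's outside-then-inside steps to the results. The function names and result labels are this example's own.

```python
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed (telnet's blank screen)
    except socket.timeout:
        return "timeout"          # no reply at all (telnet just sits there)
    except ConnectionRefusedError:
        return "refused"          # reset came back: nothing listening, or a rejecting firewall
    except OSError:
        return "unreachable"      # no route, name lookup failure and similar

def diagnose(outside, inside=None):
    """Apply the answer's decision steps to probe() results.

    outside: result of a probe run from the internet side of the firewall.
    inside:  result of a probe run on the IIS server's own network, if done.
    """
    if outside == "open":
        return "port reachable from outside: look at IIS itself"
    if inside is None:
        return "repeat the probe from the IIS server's own network"
    if inside == "open":
        return "network firewall or NAT is blocking the inbound path"
    return "check Windows Firewall on the server and the IIS bindings"

if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for IIS.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(probe("127.0.0.1", port), "->", diagnose(probe("127.0.0.1", port)))
    listener.close()
    # Pretend the outside probe timed out, then probe the now-closed port locally.
    inside = probe("127.0.0.1", port)
    print(inside, "->", diagnose("timeout", inside))
```

A "timeout" from outside paired with "open" from inside matches the situation in the question's update, where the perimeter firewall was the missing piece.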