Force the use of SSL connection - Websphere

This is a discussion on Force the use of SSL connection - Websphere ; Hi, We are running iSeries Apache with Websphere Express 5.0 and HATSLE. We have obtained a Verisign certificate but I want the web server to only connect using HTTPS. I have set things up and it kind of works. If ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Force the use of SSL connection

  1. Force the use of SSL connection

    Hi,

    We are running iSeries Apache with Websphere Express 5.0 and HATSLE.

    We have obtained a Verisign certificate but I want the web server to only
    connect using HTTPS.

    I have set things up and it kind of works.

    If I try to connect to http://ours.com:8080 it won't work but if I try
    https://ours.com:9443 it will work. If I then try http://ours.com:8080 again
    it will work.

    What I want is all connections to require SSL so nothing will go through
    unencrypted.

    How do I do this? I am somewhat of a beginner.

    TIA

    Nathan



  2. Re: Force the use of SSL connection

    Hi Nathan,

    > If I try to connect to http://ours.com:8080 it won't work but if I try
    > https://ours.com:9443 it will work. If I then try http://ours.com:8080 again
    > it will work.
    >
    > What I want is all connections to require SSL so nothing will go through
    > unencrypted.


    Check your httpd.conf file and make sure that your server will not
    listen to ports other than 9443.

    Another possible solution is to user client certificates for
    authentication and add the "SSLClientAuth Required" to your SSL-stanza
    in httpd.conf.

    Kind regards

    Stephan


  3. Re: Force the use of SSL connection

    Hi Stephan,

    Thanks for the response.

    But what about how after I initially connect using HTTPS and then try HTTP
    to the same port it still allows me to do it.

    ie. If I try to connect to http://ours.com:9443 it won't work. If I then try
    to connect to https://ours.com:9443 the connection succeeds. If I then try
    again to connect to http://ours.com:9443 the connection works but it gives a
    message about "This page containing secure and non-secure items"

    Is this normal or am I missing something.

    TIA

    Nathan


    "Stephan Schwarzer" wrote in message
    news:bvb0in$7ede$1@news.boulder.ibm.com...
    > Hi Nathan,
    >
    > > If I try to connect to http://ours.com:8080 it won't work but if I try
    > > https://ours.com:9443 it will work. If I then try http://ours.com:8080

    again
    > > it will work.
    > >
    > > What I want is all connections to require SSL so nothing will go through
    > > unencrypted.

    >
    > Check your httpd.conf file and make sure that your server will not
    > listen to ports other than 9443.
    >
    > Another possible solution is to user client certificates for
    > authentication and add the "SSLClientAuth Required" to your SSL-stanza
    > in httpd.conf.
    >
    > Kind regards
    >
    > Stephan
    >




  4. Re: Force the use of SSL connection

    Hi,

    By default, port 9080 is SSL disabled and port 9443 is SSL enabled in
    WebSphere settings. Try change the SSL settings to the port you want to be
    SSL secured. To do so by going to the Admin Console, at the HTTP Transport
    setting page, change the 9080 port to SSL enabled.

    Cathie Chang
    SPC Waltham
    "Nathan Simpson" wrote in message
    news:bv9dnr$3q5g$1@news.boulder.ibm.com...
    > Hi,
    >
    > We are running iSeries Apache with Websphere Express 5.0 and HATSLE.
    >
    > We have obtained a Verisign certificate but I want the web server to only
    > connect using HTTPS.
    >
    > I have set things up and it kind of works.
    >
    > If I try to connect to http://ours.com:8080 it won't work but if I try
    > https://ours.com:9443 it will work. If I then try http://ours.com:8080

    again
    > it will work.
    >
    > What I want is all connections to require SSL so nothing will go through
    > unencrypted.
    >
    > How do I do this? I am somewhat of a beginner.
    >
    > TIA
    >
    > Nathan
    >
    >




+ Reply to Thread