step by step to Integrate https with ibm connections

1)  Verify where kdb and sth files are stored :

Was console: security -> SSL certificate and key management -> Key stores and certificates -> CMSKeyStore (verify path)

2) Open plugin xml and verify where store sth and kdb files  then copy from websphere path (1) .

Server Types-> Web servers > webserver1 > Plug-in properties -> Plug-in key store directory and file name
If not present:

-) Configure Ihs using ibm docs then open  Was console: servertypes / webServers / webservername -> plugin options-> copy kdb to plugin folder
-) Set default cert in kdb using ikeyman

3) Configure virtual host to use ssl :


LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443

<VirtualHost *:443>
ServerName www.mydomain.com
SSLEnable
</VirtualHost>

</IfModule>

SSLDisable
Keyfile "<path used in plugin>\plugin-key.kdb"
SSLStashFile "<path used in plugin>\plugin-key.sth"


LoadModule was_ap22_module /opt/ibm/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/ibm/Plugins/config/webserver1/Plugin-cfg.xml

Step by step htadmin config to use with Websphere Application Server

Here you can find step by step configuration for use IHS htadmin

Step 1 generate user :

/opt/ibm/HTTPServer/bin/htpasswd -cm /opt/ibm/HTTPServer/conf/admin.passwd htadmin

Step 2 edit admin.conf :

vi /opt/ibm/HTTPServer/conf/conf/admin.conf

#Change listen port:
Listen 8008

#Change running user
User wwwrun
Group www

#Set serverName
ServerName servername.mydomain.com

Step 3 add user and group to run htadmin:
groupadd www
useradd wwwrun -g www

Step 4 run htadmin:

/opt/ibm/HTTPServer/bin/adminctl start

How to protect alias with htpasswd file

Just a simple reminder :

1) Create passwd file:
htpasswd2 -c /etc/apache2/htpasswd USER -> insert password

2) verify grant on path

3) create alias

Alias /protected /root/path
<Location /protected >
        AuthType Basic
        AuthName "download for protected "
        AuthUserFile /etc/apache2/htpasswd
        Require valid-user
</Location>

How to configure Apache Security on Ldap

This is a simply configuration of apahce to use Ldap authentication, You need to enable ldap and ldap_auth modules.

 

<Location /ldaplocation >
 
AuthType Basic
AuthName "ldap auth"
AuthBasicProvider ldap
AuthLDAPBindDN "CN=ldapbind,O=test,C=it"
AuthLDAPBindPassword mypasswordhere
AuthLDAPURL "ldap://ldaphost:389/?uid?sub?(objectClass=inetOrgPerson)"
 
Options Indexes
SetOutputFilter DEFLATE
  <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
     Require valid-user
 </Limit>
</Location>

3 simple step to use .htaccess & .htpasswd

1) Create htpasswd

htpasswd -c /srv/www/htpasswd username —-> <insert password>

2) Put file named .htaccess
containing this lines:

#######################################
AuthUserFile  /srv/www/.htpasswd
AuthType Basic
AuthName "backend"
Require valid-user
#######################################

3) allow override in http.con as follow:

<Directory "/srv/www/htdocs">;
...

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
AllowOverride AuthConfig
# Controls who can get stuff from this server.
Order allow,deny
Allow from all

...
</Directory>