IBM DB2 Content Manager V83 and manual SSL Configuration

This article describes how to manually configure SSL in the IBM DB2 Content Manager V83 system, in general, the SSL protocol is required. When installing the IBM DB2 Content Manager V83 system.

The installer can complete the SSL configuration in ibm http Server. The system administrator can also manually configure SSL using the instructions provided by IBM DB2 Content Manager V83. Here are some introductions and instructions for configuring SSL manually.

Note:

In the IBM DB2 Content Manager V83 system, the SSL protocol is required. When installing the IBM DB2 Content Manager V83 system, the installer can complete the SSL configuration in the ibm http Server. In the following cases, the Administrator may need to manually complete the SSL Configuration:

1. SSL is not selected when IBM DB2 Content Manager V83 is installed;

2. The system is upgraded from IBM DB2 Content Manager V82 to V83;

3. After IBM DB2 Content Manager V83 is installed, the Websphere Application Server is upgraded from V5 to V6, or the ibm http Server is re-installed;

4. When installing IBM DB2 Content Manager V83, the typical installation is selected;

In the cases listed above, the SSL of ibm http Server cannot be automatically configured by the installation program of IBM DB2 Content Manager V83. After the Administrator completes the installation of IBM DB2 Content Manager V83, manual configuration based on the actual needs of the system. The specific SSL configuration steps are as follows:

1. For Windows operating systems, open a command window and go to the configuration directory of IBM DB2 Content Manager V83. The default value is C: \ Program Files \ IBM \ db2cmv8 \ config.

For UNIX or Linux operating systems, log on to the system as the root user and go to the/opt/IBM/db2cmv8/config directory.

2. Use the following command to set the environment variable:

For Windows:

 
 

  
  
set JAVA_HOME=C:\WebSphere60\AppServer\java   
  
  
set PATH=%JAVA_HOME%\bin;%PATH%  
 
 

For UNIX operating systems:

 
 

  
  
export JAVA_HOME=/usr/IBM/WebSphere60/AppServer/java   
  
  
export PATH=$JAVA_HOME/bin:$PATH  
 
 

3. for Windows, you also need to modify the PATH environment variable and add the LIB directory of GSK. The command is as follows:

 
 

  
  
set PATH=C:\Program Files\ibm\gsk7\lib;%PATH%  
 
 

4. After completing the preceding environment configuration, you can run the RMUpdateSSL command to configure SSL. This command is a command contained in IBM DB2 Content Manager V83. The command execution syntax is as follows:

 
 

  
  
java RMUpdateSSL <HTTPServer_conf_directory>  
 
 

<HTTPServer_conf_directory> indicates the conf directory of the ibm http Server.

By default, the command is: java RMUpdateSSL C: \ WebSphere60 \ HttpServer \ conf on the Windows operating system.

On a UNIX operating system:

 
 

  
  
java RMUpdateSSL /usr/IBM/WebSphere60/HttpServer/conf  
 
 

The log information of this command is recorded in the <IBMCMROOT>/config/cmcfgrmas. log File. <IBMCMROOT> is the installation directory of IBM DB2 Content Manager V83. The following is an example of this log file:

 
 

  
  
2005/08/12 06:42:38 RMUpdateSSL Entry   
  
  
2005/08/12 06:42:39 RMUpdateSSL adding com.ibm.spi.IBMCMSProvider   
  
  
2005/08/12 06:42:39 RMUpdateSSL adding com.ibm.crypto.fips.provider.IBMJCEFIPS   
  
  
2005/08/12 06:42:41 RMUpdateSSL pluging configured on line 844   
  
  
2005/08/12 06:42:41 RMUpdateSSL SSL is ready to be configured.   
  
  
2005/08/12 06:42:41 RMUpdateSSL os.name AIX  
 
 

When configuring SSL, You need to modify the configuration file httpd. conf of the ibm http Server. Before modification, the original configuration file will be backed up and the backup will be stored as HTTPServer/conf/httpd. conf.000. After the backup, the command RMUpdateSSL will add the following information at the end of the configuration file:

 
 

  
  
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so   
  
  
LoadModule was_ap20_module /usr/WebSphere60/Plugins/bin/mod_was_ap20_http.so   
  
  
WebSpherePluginConfig /usr/WebSphere60/AppServer/profiles/BaseUnmanaged/config/c   
  
  
ells/cma66Node01Cell/nodes/webserver1_node/servers/webserver1/plugin-cfg.xml   
  
  
Listen 443   
  
  
<VirtualHost cma66.svl.ibm.com:443>   
  
  
ServerName cma66.svl.ibm.com   
  
  
DocumentRoot "/usr/WebSphere60/HttpServer/htdocs/en_US"   
  
  
ErrorLog "/usr/WebSphere60/HttpServer/logs/error.log"   
  
  
TransferLog "/usr/WebSphere60/HttpServer/logs/error.log"   
  
  
ServerSignature Off   
  
  
SSLEnable   
  
  
SSLFIPSEnable   
  
  
Keyfile "/usr/WebSphere60/HttpServer/conf/key.kdb"   
  
  
SSLV2Timeout 100   
  
  
SSLV3Timeout 1000   
  
  
SSLClientAuth none   
  
  
SSLServerCert icmrm   
  
  
SSLCipherSpec 3A   
  
  
SSLCipherSpec FF  
 
 

If you get an error when running the RMUpdateSSL command, you can refer to the log file and use the debug mode of the command to obtain more detailed information. The command is as follows:

 
 

  
  
java -Ddebug=true RMUpdateSSL HTTPServer_conf_directory  
 
 

5. Start ibm http Server;

In Windows, run:

Start & gt; Programs & gt; ibm http Server 6.0 & gt; Start HTTP Server

In a UNIX operating system, run the following command:

 
 

  
  
/usr/IBM/WebSphere60/HttpServer/bin/apachectl start  
 
 

6. Check the SSL configuration in the browser and access URL: http: // hostname and https: // hostname. You can see the ibm http Server interface.

If it is normal, continue; otherwise, re-check the SSL configuration.

7. Start the Resource Manager of IBM DB2 Content Manager. By default, you can run the following command to start it:

In Windows:

 
 

  
  
C:\WebSphere60\AppServer\bin\startServer.bat icmrm   
 
 

In UNIX

 
 

  
  
/usr/IBM/WebSphere60/AppServer/bin/startServer.sh icmrm  
 
 

8. Check that the resource manager can be accessed through the browser interface. For the default settings, visit the following address:

Http: // hostname/icmrm/snoop and https: // hostname/icmrm/snoop

You can see the snoop page.

9. modify the configuration of IBM DB2 Content Manager to connect to the Service port of the correct Resource Manager. In this regard, you need to open the system management client of IBM DB2 Content Manager and configure the correct port on the properties page of the resource Manager.

After completing the preceding steps, you can complete the SSL configuration. If you still have problems, contact the IBM technical support center.

References:

GC27-1332 IBM DB2 Content Manager Enterprise Edition Planning and Installing Your Content Management System

SC27-1335 IBM DB2 Content Manager Enterprise Edition System Administration Guide

The above Content is an introduction to how to manually configure SSL in the IBM DB2 Content Manager V83 system.