Configuring the Liberty profile for data grids that are accessed with SSL enabled

If you have client applications that are deployed in the WebSphere® Application Server Liberty profile, then you can configure the Liberty profile for HTTPS, which automatically uses SSL and data encryption for secured web servers.

Procedure

  1. Run the following command to create the SSL certificate and enable HTTPS:
    cd to lib_dir\bin
    securityUtility createSSLCertificate --server=defaultServer --password=xc10test
  2. Add the following SSL feature to the server.xml file to configure the Liberty profile to run SSL data encryption: [Version 2.5 and later]
    <featureManager>
            <feature>ssl-1.1</feature>
        </featureManager>
        <keyStore id="defaultKeyStore" password="{xor}MjowbTI+Kyw=" />
  3. Start the Liberty profile using the following command:
    ./server start servername
    A PID is displayed.
  4. Open the session application using the following URL:
    http://server:securedport/A/
  5. Perform session testing to verify that the data is written to the session grid in the appliance.

SSL-enabled server definition file example

Some lines of code are displayed on multiple lines for publication purposes.See the following example of an advanced server.xml file configuration that uses the SSL feature. This example is displayed on multiple lines for publication purposes.
Note: Beginning in Version 2.5, the feature version numbers changed from webApp-1.0 to webApp-1.1.

[Version 2.5 and later]
<server description="new server">

    <!-- Enable features -->
    <featureManager>
        <feature>jsp-2.2</feature>
        <feature>eXtremeScale.server-1.1</feature>
      <feature>eXtremeScale.webApp-1.1</feature>
       <feature>ssl-1.1</feature>
    </featureManager>

      <httpEndpoint id="defaultHttpEndpoint"
                  host="*"
                  httpPort="9080"
                  httpsPort="9443">
        <!--tcpOptions soReuseAddr="true" / -->
    </httpEndpoint>

    <keyStore id="defaultKeyStore" password="{xor}Jzxubys6LCs=" />

 <xsWebApp objectGridName="session" catalogHostPort="remoteHost:2809" securityEnabled="true"       
credentialGeneratorClass="com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredentialGenerator" 
   credentialGeneratorProps="xcadmin xcadmin"/>
    <applicationMonitor updateTrigger="mbean"/>
    <application id="A" location="A.ear" name="A" type="ear"/>
    <httpSession cloneId="A_test"/>

</server>

What to do next

To set the SSL configuration between the Liberty profile and the data grid container, specify the client transport type in the client properties file. The possible values are: