Securing WebSphere Application Server

Securing WebSphere® Application Server consists of securing IBM® HTTP Server (IHS), which is installed with WebSphere Application Server as part of the Rational® ClearQuest® Web installation; securing the WebSphere Application Server HTTP plug-in; and securing the WebSphere Application Server environment.

Procedure

  1. You must perform the tasks described in sections 7.2 and 7.3 of the IBM WebSphere Application Server V6.1 Security Handbook to secure IBM HTTP Server and the WebSphere Application Server HTTP plug-in, respectively: http://www.redbooks.ibm.com/abstracts/sg246316.html?Open.
    Attention: SSL communication does not function and the client certificate is not sent to WebSphere Application Server if you do not secure IBM HTTP Server and the WebSphere Application Server HTTP plug-in.
  2. It is a best practice to review sections 11, 12, 14, and 15 of the IBM WebSphere Developer Technical Journal article "WebSphere Application Server V6 advanced security hardening – Part 1" for instructions on securing the WebSphere Application Server environment: http://www.ibm.com/developerworks/websphere/techjournal//0512_botzum/0512_botzum1.html.
  3. Restart the WebServer Application Server to complete the configuration changes.

Feedback