To configure a security key file for production:
- On your Web server machine, stop the IBM HTTP Server.
- Change your directory to the conf subdirectory under the IBM HTTP Server installation directory on your machine.
- Create a backup copy of httpd.conf by and rename the backup copy of the file to httpd.conf.backup.
- Open httpd.conf in a text editor.
- Ensure that the following lines are uncommented (by removing the "#" at the front of the line) for port 443:
- LoadModule ibm_ssl_module modules/IBMModuleSSL128.dll
- Listen 443
- <VirtualHost host.some_domain.com:443> (You must also substitute your fully qualified host name in this line.)
- SSLEnable
- </VirtualHost>
- Keyfile "HTTPServer_installdir/ssl/keyfile.kdb"
- LoadModule ibm_ssl_module libexec/mod_ibm_ssl_128.so
- AddModule mod_ibm_ssl.c
- Listen 443
- <VirtualHost host.some_domain.com:443> (You must also substitute your fully qualified host name in this line.)
- SSLEnable
- </VirtualHost>
- SSLDisable
- Keyfile "HTTPServer_installdir/ssl/keyfile.kdb"
- SSLV2Timeout 100
- SSLV3Timeout 1000
- Ensure that the following lines are uncommented (by removing the "#" at the front of the line).
- For the WebSphere Commerce administrative tools, you require ports 8000, 8002, and 8004:
Listen 8000 Listen 8002 Listen 8004
If you are using WebSphere Commerce Payments, you require ports 5432 and 5433 as well:Listen 5432 Listen 5433
- Ensure the virtual host sections for the preceding ports are also uncommented (by removing the "#" at the front of the lines if they are present). You must substitute your fully qualified host name as appropriate in these sections. For a list of the default path name variables in the following examples, see Conventions.
The following examples were derived from the uncommented virtual host sections on a Windows system httpd.conf file; these sections are similar on other operating systems.
Example "Listen" sections of httpd.conf file########## IBM WebSphere Payments (Do not edit this section) ################# Listen 5432 Listen 5433 ########## End of IBM WebSphere Payments (Do not edit this section) ########## ... ########## IBM WebSphere Commerce (Do not edit this section) ################# Listen 8000 Listen 8002 Listen 8004 ########## End of IBM WebSphere Commerce (Do not edit this section) ##########
Example virtual host header section of an httpd.conf file########## End of IBM WebSphere Commerce (Do not edit this section) ########## ## VirtualHost: Allows the daemon to respond to requests for more than one ## server address, if your server machine is configured to accept IP packets ## for multiple addresses. This can be accomplished with the ifconfig ## alias flag, or through kernel patches like VIF. # ## Any httpd.conf or srm.conf directive may go into a VirtualHost command. ## See also the BindAddress entry. # #<VirtualHost host.some_domain.com:443>
Example virtual host section of httpd.conf file for Payments########## IBM WebSphere Payments (Do not edit this section) ################# <VirtualHost host.some_domain.com:5433> SSLEnable SSLClientAuth 0 ServerName wordsworth.torolab.ibm.com DocumentRoot "HTTPServer_installdir\htdocs\en_US" </VirtualHost> ########## End of IBM WebSphere Payments (Do not edit this section) ##########
Example virtual host section of httpd.conf file for WebSphere Commerce port 80. (Unsecured port)########## IBM WebSphere Commerce (Do not edit this section) ################# #Instance name : instance_name <VirtualHost host.some_domain.com:80> ServerName host.some_domain.com DocumentRoot "HTTPServer_installdir/htdocs/en_US" Alias /wcsdoc "WC_installdir/web/doc" Alias /wcsstore "WAS_installdir\installedApps\host\WC_instance_name.ear/Stores.war" Alias /wcs "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war" </VirtualHost>
Example virtual host section of httpd.conf file for WebSphere Commerce port 443. (Secured port)<VirtualHost host.some_domain.com:443> SSLEnable SSLClientAuth 0 ServerName host.some_domain.com DocumentRoot "HTTPServer_installdir/htdocs/en_US" Alias /wcsdoc "WC_installdir/web/doc" Alias /wcsstore "WAS_installdir\installedApps\host\WC_instance_name.ear/Stores.war" Alias /wcs "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war" </VirtualHost>
Example virtual host section of httpd.conf file for WebSphere Commerce port 8000. (WebSphere Commerce Accelerator)<VirtualHost host.some_domain.com:8000> SSLEnable SSLClientAuth 0 ServerName host.some_domain.com DocumentRoot "HTTPServer_installdir/htdocs/en_US" Alias /wcsdoc "WC_installdir/web/doc" Alias /wchelp "WC_installdir/web/doc/en_US" Alias /adminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war/tools/adminconsole/wcsadmincon.html" Alias /wcsstore "WAS_installdir\installedApps\host\WC_instance_name.ear/Stores.war" Alias /accelerator "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war/tools/common/accelerator.html" Alias /wcs "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war" Alias /wcadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war" Alias /wcorgadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war" Alias /orgadminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war/tools/buyerconsole/wcsbuyercon.html" </VirtualHost>
Example virtual host section of httpd.conf file for WebSphere Commerce port 8002. WebSphere Commerce Administration Console<VirtualHost host.some_domain.com:8002> SSLEnable SSLClientAuth 0 ServerName host.some_domain.com DocumentRoot "HTTPServer_installdir/htdocs/en_US" Alias /wcsdoc "WC_installdir/web/doc" Alias /wchelp "WC_installdir/web/doc/en_US" Alias /adminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war/tools/adminconsole/wcsadmincon.html" Alias /wcsstore "WAS_installdir\installedApps\host\WC_instance_name.ear/Stores.war" Alias /accelerator "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war/tools/common/accelerator.html" Alias /wcs "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war" Alias /wcadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war" Alias /wcorgadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war" Alias /orgadminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war/tools/buyerconsole/wcsbuyercon.html" </VirtualHost>
Example virtual host section of httpd.conf file for WebSphere Commerce port 8004. WebSphere Commerce Organization Administration Console<VirtualHost host.some_domain.com:8004> SSLEnable SSLClientAuth 0 ServerName host.some_domain.com DocumentRoot "HTTPServer_installdir/htdocs/en_US" Alias /wcsdoc "WC_installdir/web/doc" Alias /wchelp "WC_installdir/web/doc/en_US" Alias /adminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war/tools/adminconsole/wcsadmincon.html" Alias /wcsstore "WAS_installdir\installedApps\host\WC_instance_name.ear/Stores.war" Alias /accelerator "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war/tools/common/accelerator.html" Alias /wcs "WAS_installdir\installedApps\host\WC_instance_name.ear/CommerceAccelerator.war" Alias /wcadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/SiteAdministration.war" Alias /wcorgadmin "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war" Alias /orgadminconsole "WAS_installdir\installedApps\host\WC_instance_name.ear/OrganizationAdministration.war/tools/buyerconsole/wcsbuyercon.html" </VirtualHost> ########## End of IBM WebSphere Commerce (Do not edit this section) ##########
Note: It is recommended that your firewall software blocks external access to the ports you have configured for WebSphere Commerce Tools (port 8000, 8002, and 8004 by default). Consult the documentation for the firewall software you are using at your site for information on how you do this.
- For the WebSphere Commerce administrative tools, you require ports 8000, 8002, and 8004:
- Save your changes.
- To ensure that your httpd.conf file does not contain syntax errors:
Change to the bin subdirectory under the IBM HTTP Server installation directory on your machine and run the following command: ./httpd -t
Change to the IBM HTTP Server installation directory on your machine and run the following command:
apache -t
- Start the IBM HTTP Server.