202 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
WebSphere Liberty Profile - Customising the Logging
Thu, Dec 14th 2017 15
IBM MobileFirst 8 - Commanding the CLI
Thu, Dec 14th 2017 26
Oracle Database 11gR2 - Get the dependencies right ...
Tue, Dec 12th 2017 42
DB2 on Windows - where does the db2nodes.cfg file live ?
Thu, Dec 7th 2017 36
Windows Server 2012 - Ooops, I locked my account
Thu, Dec 7th 2017 66
Nagios and NRPE - There's more ...
Wed, Dec 6th 2017 39
Nagios Remote Plugin Executor (NRPE) and xinetd on Red Hat Enterprise Linux
Wed, Dec 6th 2017 35
Top 10
Windows Server 2012 - Ooops, I locked my account
Thu, Dec 7th 2017 66
Hmmm, macOS Sierra and XQuartz and X11
Thu, Oct 27th 2016 52
Executing external Python/Jython scripts from within WebSphere Application Server's wsadmin tool
Thu, Feb 27th 2014 46
Transport Layer Security (TLS) 1.2 and SoapUI
Fri, Jun 12th 2015 42
Oracle Database 11gR2 - Get the dependencies right ...
Tue, Dec 12th 2017 42
Nagios and NRPE - There's more ...
Wed, Dec 6th 2017 39
DB2 on Windows - where does the db2nodes.cfg file live ?
Thu, Dec 7th 2017 36
Nagios Remote Plugin Executor (NRPE) and xinetd on Red Hat Enterprise Linux
Wed, Dec 6th 2017 35
Mozilla Firefox Quantum - Suppressing Autoplay Videos
Wed, Dec 6th 2017 33
Monitoring WebSphere Liberty Profile via JMX and REST over HTTPS
Tue, Dec 5th 2017 32


WebSphere Liberty Profile - why doesn't HTTPS work ?
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

It took me a while to work out where I'd gone wrong earlier.

I was configuring a newly installed WebSphere Liberty Profile environment ( actually hosting IBM Mobile First Platform ) for HTTPS, and couldn't work out why the server wasn't listening on port 9443.

This is, in brief, what I did: -

Create Default Server

/opt/ibm/WebSphere/Liberty/bin/server create

Server defaultServer created.

Install MFP

/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installMFP8.rsp -acceptLicense

***********************************************************************
Before you start using the product, you must deploy a MobileFirst Server to your application server. 
For more information about deploying projects with the Server Configuration Tool or command line tools, see 
the documentation at http://ibm.biz/knowctr#SSHS8R_8.0.0/com.ibm.worklight.deploy.doc/topics/c_deploy.html. 
***********************************************************************
Installed com.ibm.mobilefirst.foundation.server_8.0.0.20160610_0940 to the /opt/ibm/MFP directory.


Create WLP Keystore and Public/Private Keypair

/opt/ibm/WebSphere/Liberty/bin/securityUtility createSSLCertificate --server=defaultServer --password=passw0rd --validity=365

Configure WLP/MFP 

vi /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/server.xml

inserting: -

    <featureManager>
        <feature>ssl-1.0</feature>
    </featureManager>

    <keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />


Start MFP

/opt/ibm/WebSphere/Liberty/bin/server start

Check logs

tail -f /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/console.log /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/messages.log

Weirdly, whilst I saw this: -

[AUDIT   ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/ibm/api/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/IBMJMXConnectorREST/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/appcenterconsole/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/applicationcenter/


I saw NO reference to port 9443.

Check WLP via HTTPS

curl —insecure https://mfp.uk.ibm.com:9443/

curl: (7) Failed connect to mfp.uk.ibm.com:9443; Connection refused

I must've spent 20 minutes tinkering with this, including looking at my server.xml : -

cat ../server.xml

<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">

    <!-- Enable features -->
    <featureManager>
        <feature>jsp-2.3</feature>
    
        <!-- Begin of features added by IBM MobileFirst installer. -->
        <!-- The following lines will be removed when the application is uninstalled -->
        <feature>jdbc-4.1</feature>
        <feature>servlet-3.1</feature>
        <feature>appSecurity-2.0</feature>
        <feature>usr:MFPDecoderFeature-1.0</feature>
        <!-- End of features added by IBM MobileFirst installer. -->

        <feature>ssl-1.0</feature>
        <feature>restConnector-1.0</feature>

    </featureManager>

    <!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
    <httpEndpoint id="defaultHttpEndpoint"
                  httpPort="9080"
                  httpsPort="9443" host="*" >
        <!-- Option soReuseAddr added by IBM MobileFirst installer. -->
        <tcpOptions soReuseAddr="true"/>
    <keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />

    </httpEndpoint>

Can you see what I did wrong ?

Yep, here it is: -

    <httpEndpoint id="defaultHttpEndpoint"
                  httpPort="9080"
                  httpsPort="9443" host="*" >
        <!-- Option soReuseAddr added by IBM MobileFirst installer. -->
        <tcpOptions soReuseAddr="true"/>
    <keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />

    </httpEndpoint>


For some STUPID reason, I put the keystore stanza INSIDE the httpEndpoint stanza.

Which won't do.

Once I fixed it: -

...
    <httpEndpoint id="defaultHttpEndpoint"
                  httpPort="9080"
                  httpsPort="9443" host="*" >
        <!-- Option soReuseAddr added by IBM MobileFirst installer. -->
        <tcpOptions soReuseAddr="true"/>

    </httpEndpoint>
    
    <keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />

and restarted WLP, things looked much better: -


<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>WebSphere Liberty 17.0.0.3</title>
<style>
body{
color: white;

doVersionCheck(latestReleasedVersion);
</script>
<script type="text/javascript" src="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/wasdev/downloads/adminCenter-welcome.js"></script>
</html>


See, it's ALL about the position :-)







---------------------
http://portal2portal.blogspot.com/2017/12/websphere-liberty-profile-why-doesnt.html
Dec 04, 2017
23 hits



Recent Blog Posts
15
WebSphere Liberty Profile - Customising the Logging
Thu, Dec 14th 2017 5:21p   Dave Hay
On my current engagement, we had a requirement to trim out ( temporarily ) some information log messages which were "spamming" the console.log of a WebSphere Liberty Profile (WLP) environment.Firstly, here's some context about WLP logging: -There are three primary log files for a server: • console.log - containing the redirected standard output and standard error from the JVM process. This console output is intended for direct human consumption. The console output contains major events and
26
IBM MobileFirst 8 - Commanding the CLI
Thu, Dec 14th 2017 4:29p   Dave Hay
As with many of my projects, this is another one in the category of "Tinkering".In order to better support my current client, I needed a quick-start into the world of IBM MobileFirst Platform (MFP).I've blogged about MFP before, but mainly in the context of building out a runtime on the WebSphere Liberty Platform: -WebSphere Liberty Profile - why doesn't HTTPS work ?Using Nagios to monitor IBM HTTP Server and IBM WebSphere Liberty Profilebut now I wanted to go a little bit further.I started
42
Oracle Database 11gR2 - Get the dependencies right ...
Tue, Dec 12th 2017 9:46a   Dave Hay
Having just installed Oracle 11.2 ( 11gR2 ) onto a Red Hat Enterprise Linux 7.4 VM, I was kinda getting fed up with the sqlplus command not working …..sqlplus sqlplus: error while loading shared libraries: libclntsh.so.11.1: cannot open shared object file: No such file or directoryls -al `locate libclntsh.so`-rwxrwx---. 1 oracle oracle 48797739 Dec 12 08:49 /home/oracle/app/oracle/product/11.2.0/dbhome_1/inventory/backup/2017-12-12_08-48-58AM/Scripts/ext/lib/libclntsh.so.11.1-rwxrwx---. 1 orac
36
DB2 on Windows - where does the db2nodes.cfg file live ?
Thu, Dec 7th 2017 2:13p   Dave Hay
I was briefly tinkering with the need to update the db2nodes.cfg file to help DB2 Express 11.1 cope with the hostname change of a Windows Server 2012 R2 boxen.I'd created a new VM, via OpenStack, using a snapshot from an existing VM - which I'd NOT yet deleted.Therefore, OpenStack, being the nice IaaS solution that it is, kindly helped me out by creating the new instance with a new hostname.This borked DB2, as you'd expect ….I've seen similar issues with DB2 on Linux: -SQL10003C There are
66
Windows Server 2012 - Ooops, I locked my account
Thu, Dec 7th 2017 11:59a   Dave Hay
One of my colleagues had a bad day with a shared Windows Server 2012 R2 environment, in that he locked out the main account that we use to access the box, via Remote Desktop Protocol (RDP).This is NOT an Active Directory environment, so there's no domain controller in the mix; these are merely local accounts.Thankfully, I had another account that WASN'T locked out, so I RDP'd into the box using that account and used the Advanced User Accounts Control Panel ( aka netplwiz ), which did the tric
39
Nagios and NRPE - There's more ...
Wed, Dec 6th 2017 6:25p   Dave Hay
Following on from my earlier post: -Nagios Remote Plugin Executor (NRPE) and xinetd on Red Hat Enterprise Linuxthings are starting to become more clear.As far as I can establish, on the NRPE client/agent side, we have several components at work here.So we have the NRPE agent itself, as started using xinetd : -/etc/xinetd.d/nrpe # default: on# description: NRPE (Nagios Remote Plugin Executor)service nrpe{ flags = REUSE socket_type = stream port = 5666 w
35
Nagios Remote Plugin Executor (NRPE) and xinetd on Red Hat Enterprise Linux
Wed, Dec 6th 2017 2:15p   Dave Hay
As per a few previous posts, I'm tinkering ( there's that word again, I must think of another simile ) with Nagios.This time I'm looking to have my Nagios monitoring server ( which runs on Ubuntu ) execute an agent on a remote boxen running Red Hat Enterprise Linux (RHEL).Having installed the pre-requisites ( and I do need to document those steps more clearly ), I setup a NRPE script to be started using xinetd ( A Powerful Replacement For Inetd )cat /etc/xinetd.d/nrpe # default: on# descripti
26
WebSphere Liberty Profile - Monitoring via JMX over REST using Jython
Wed, Dec 6th 2017 1:39p   Dave Hay
For this, I'm using two excellent IBM developerWorks articles as inspiration: -Retrieve performance metrics from the WebSphere Liberty profile, Part 1 - Setup and configurationRetrieve performance metrics from the WebSphere Liberty profile, Part 2 - Data collection by using JythonWithout reposting the entire pair of articles ( which would be a daft idea ), here's a short-cut of what I ended up doing.For the record, I am using Liberty 17.0.0.3: -/opt/ibm/WebSphere/Liberty/bin/server versionWebS
29
WebSphere Liberty Profile - Snooping About
Wed, Dec 6th 2017 11:51a   Dave Hay
I've written about the SuperSnoop Servlet before: -WebSphere Application Server - Binary ScannerWebSphere Liberty Profile on macOS - SuperSnoopingWebSphere Application Server 9 - Snooping AboutWebSphere Application Server - Liberty Profile - Oh, what funand it's one tool that I use, and reuse, whenever I'm testing a build of WebSphere Application Server etc.However, it niggled me that, whilst it DOES run on WebSphere Liberty Profile, it doesn't actually work.Having deployed it: -cp SuperSnoo
33
Mozilla Firefox Quantum - Suppressing Autoplay Videos
Wed, Dec 6th 2017 6:26a   Dave Hay
So I mostly love the new Firefox 57, aka Quantum, although I have a few niggles with it; my main gripe is that the LastPass plugin appears to have been totally borked.One other issue - autoplay videos :-(Given that I don't use Adobe Flash, I was somewhat grumpy to find that the BBC News site was full of videos that'd start auto-playing as soon as I hit the site.Thankfully, the internet came to the rescue - AGAINHow can I stop videos from automatically starting (autoplay)?This takes one off to




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition