Configuring IBM HTTP Server

To secure the connection between the i2 Analyze application server and the HTTP server, you must arrange for the plugin-cfg.xml file to contain some necessary information.

  1. Stop the HTTP server.
  2. Navigate to the toolkit\configuration\environment directory, and open the http-server.properties file in a text editor.
  3. Set the value of the http.server.ssl.require.secure.backend property to true, and then save and close the file.
  4. Open a command prompt, and navigate to the toolkit\scripts directory.
  5. To deploy i2® Analyze with the edited http-server.properties file, run the following commands: 
    setup -t configureHttpServer
setup -t deployLiberty
    The plugin-cfg.xml file is updated to enforce that a secure connection is available between the HTTP server and Liberty.
  6. Navigate to the IBM\HTTPServer\plugins\iap\config directory, and open the plugin-cfg.xml file in an XML editor.
  7. In each <ServerCluster> element, there is a child <Server> element. Ensure that each of these <Server> elements has a child <Transport> element that uses the https protocol.
    Update the <ServerCluster> element with the value "opal-server_cluster".
    1. Add the following element to any of the child <Server> elements that do not have a child <Transport> element that uses the HTTPS protocol. 
      <Transport Hostname="hostname" Port="portnumber" Protocol="https">
</Transport>

      hostname is the same as for the <Transport> element that uses the HTTP protocol, and portnumber matches the value in the port definition properties for the application that you are securing. You can find this value in C:\IBM\i2analyze\toolkit\configuration\environment\opal-server.

    2. Add the following <Property> elements as children of each <Transport> element that uses the HTTPS protocol: 
      <Property Name="Keyring" Value="C:/IBM/i2analyze/i2-http-keystore.kdb"/>
<Property Name="Stashfile" Value="C:/IBM/i2analyze/i2-http-keystore.sth"/>
      Where the Value attributes contain the absolute paths to the keystore for the HTTP server and the associated password stash file.
    3. Save and close the plugin-cfg.xml file.
  8. Restart the HTTP server.

To ensure that the configuration is correct, look in the IBM\HTTPServer\plugins\iap\logs\plugin-cfg.log file.

If the <Property> elements for the keyring and stashfile are not present on each <Transport> element in your plugin-cfg.xml, the following error message is displayed: 
ERROR: ws_transport:
transportInitializeSecurity: Keyring was not set.
ERROR: ws_transport:
transportInitializeSecurity: No stashfile or keyring password given.
To resolve this issue, ensure that the <Property> elements for the keyring and stashfile are present on each <Transport> element in your plugin-cfg.xml.