Configuring the HTTP server for SSL

In a default deployment of i2® Analyze, SSL is unavailable. To enable clients to connect through SSL, you must modify the configuration of both the i2 Analyze application and the HTTP server.

Ensure that the following attributes of the <application> element in the topology.xml are set correctly:
  • The http-server-host attribute is set to true
  • Ensure that the host-name attribute is set to the name of the server that you are running Liberty on.

For more information about modifying the topology file, see Modifying the topology.

  1. Stop the HTTP server.

    Run the command to stop the HTTP server, C:\IBM\HTTPserver\bin\httpd -k stop.

  2. Edit the http-server.properties file.
    1. Navigate to the toolkit\configuration\environment directory, and open the http-server.properties file in a text editor.
    2. Set the http.server.ssl.enabled property to true.
    3. Set the http.server.keystore.file property to the location of the key database file of your HTTP server.
      For example, C:/i2/i2analyze/i2-http-keystore.kdb.
    4. Set the http.server.keystore.certificate.label property to the label of the HTTP server certificate that is in the key database file. For example, httpKey.
  3. Open a command prompt and navigate to the toolkit\scripts directory.
  4. To deploy i2 Analyze with the edited http-server.properties file, and to install the SSL configuration on the HTTP server, run the following commands. 
    setup -t deployLiberty
setup -t configureHttpServer
    The httpd.conf and plugin-cfg.xml files are updated to use the SSL configuration.
  5. Start Liberty.
    To start Liberty, run the following command on each Liberty server:
    setup -t startLiberty
  6. Restart the HTTP server.

    Run the command to start the HTTP server, C:\IBM\HTTPserver\bin\httpd -k start.

If you modified the FrontEndURI property in your deployment, you must update it to use the HTTPS protocol. For more information about changing the FrontEndURI property, see Deploying a proxy server for use with i2 Analyze.

To test that the connection is using SSL in your deployment, see Testing SSL in an i2 Analyze deployment.