Enabling the SSL Accelerator option
An SSL Accelerator (or SSL Terminator) strips off HTTPS encryption at or before the Web server tier in a multitier setup. When you use an SSL Accelerator with WebSphere Commerce, you can use the SSL Accelerator option to configure WebSphere Commerce to correctly receive requests that require redirects.
Procedure
- Open the WebSphere Commerce configuration file.
- Locate the section for the Web module that you are enabling
an SSL Accelerator.
Each Web module in WebSphere Commerce has a configuration section. For example, the Stores Web module:
<Module contextPath="/webapp/wcs/stores" fileServletEnabled="false" name="Stores" urlMappingPath="/servlet" webAlias="/wcsstore"> <InitParameters adapters="XML/HTTP, BrowserAdapter" contextSetName="Store" handleDoubleClick="true" /> </Module>
- Add the following attributes to the InitParameters element:
For example, to use the default ports that WebSphere Commerce configures for the Stores Web module with an SSL Accelerator, configure WebSphere Commerce following this example:
Where:<Module contextPath="/webapp/wcs/stores" fileServletEnabled="false" name="Stores" urlMappingPath="/servlet" webAlias="/wcsstore"> <InitParameters adapters="XML/HTTP, BrowserAdapter" contextSetName="Store" handleDoubleClick="true" SSLAcceleratorOption="Enabled" inSSLPort="443" inNonSSLPort="80" outSSLPort="443" outNonSSLPort="80" /> </Module>
- SSLAcceleratorOption
- Set the value to "Enabled" to indicate that an SSL Accelerator is used for that Web module.
- inSSLPort
- The port that is configured for WebSphere Commerce to receive
the SSL data. WebSphere Commerce treats any data that is received
on this port as SSL data even if the scheme says
http
. The default is port 443. - inNonSSLPort
- The port that is configured for WebSphere Commerce to receive the non-SSL data. WebSphere Commerce treats any data that is received on this port as non-SSL data. The default port is 80.
- outSSLPort
- The port that WebSphere Commerce uses to send out SSL data on a redirect. The default port is 443.
- outNonSSLPort
- The port that WebSphere Commerce uses to send out non-SSL data on a redirect. The default port is 80.
- Propagate the changes to the WebSphere Commerce configuration file.
- Start your WebSphere Commerce instance if it is not already started.
- Run the following command:
WC_installdir/bin/config_ant.sh -DinstanceName=instance_name UpdateEAR
-
WC_installdir/bin/config_ant.bat -DinstanceName=instance_name UpdateEAR
- Restart your WebSphere Commerce instance.
- Disable SSL for those ports that no longer need SSL by
editing the Web server configuration.For example, if you are using an SSL Accelerator for the Stores Web module, disable SSL for port 443. For the IBM HTTP Server, remove the following directives from the host_name:443 VirtualHost:
SSLEnable SSLClientAuth 0
- Set the Application Server port preference:
- Open the WebSphere Application Server administrative console.
- Expand Servers.
- Click Web Servers.
- Click webserver1 (or the Web Server that is associated with your WebSphere Commerce application).
- Click Plug-in properties.
- Click Request and Response.
- For the Application server port preference field, select Webserver port
- Click OK.
- Save the configuration.
- Regenerate the Web server plug-in configuration file.
- Restart the Web server that WebSphere Commerce is running on.
- Optional: If your site uses a starter store,
change your store environment setup file to create the proper absolute
paths for Ajax links.
- Open WebSphere Commerce Developer and switch to the Enterprise Explorer view.
- Navigate to the following directory:
- Aurora starter store: WC_eardir/Stores.war/storedir/Common/EnvironmentSetup.jspf
- Madisons or Elite starter store: WC_eardir/Stores.war/storedir/include/JSTLEnvironmentSetup.jspf
- WCDE_installdir/workspace/Stores/WebContent/storedir/include/JSTLEnvironmentSetup.jspf
- Open your store environment setup file for editing.
- Located the following commented out code snippet and
remove the commenting out characters in the code:
<% // Add support for possible SSL Accelerator port setup in WC config file. // There could be a setup for using different ports for SSL and nonSSL // which are not 443 and 80 respectively. // Uncomment the code below if using SSL Accelerator and want to read the values from the configuration file. // Reading from config file can have a negative effect on performance. A better approach is to just enter the // port values in this file directly by putting value in inSSLAcceleratorPort and inNonSSLAcceleratorPort // variables below. //WebModuleConfig storeWebModule = ConfigProperties.singleton().getWebModule(WcsApp.storeWebModuleName); int inSSLAcceleratorPort = 443; //if (storeWebModule.getInSSLPort() != null) { // inSSLAcceleratorPort = new Integer(storeWebModule.getInSSLPort()).intValue(); //} int inNonSSLAcceleratorPort = 80; //if (storeWebModule.getInNonSSLPort() != null) { // inNonSSLAcceleratorPort = new Integer(storeWebModule.getInNonSSLPort()).intValue(); //} request.setAttribute("inSSLAcceleratorPort", inSSLAcceleratorPort); request.setAttribute("inNonSSLAcceleratorPort", inNonSSLAcceleratorPort); %>
- Save and close the file.
- Optional: Delete all compiled pages from your
storefront. Your store JSP files must be recompiled for your changes
to appear when a shopper visits your store.
- Navigate to the following directory:
WCDE_installdir/wasprofile/temp/localhost/server1/WC/Stores.war
WAS_installdir/profiles/demo/temp/WC_demo_node/server1/WC_demo/Stores.war
- Delete your entire storedir folder, such as Aurora, and its contents from this directory.
- Navigate to the following directory:
What to do next
Host:
myhost:443
.