Enabling the SSL Accelerator option

An SSL Accelerator (or SSL Terminator) strips off HTTPS encryption at or before the Web server tier in a multitier setup. When you use an SSL Accelerator with WebSphere Commerce, you can use the SSL Accelerator option to configure WebSphere Commerce to correctly receive requests that require redirects.

Procedure

Open the WebSphere Commerce configuration file.

Locate the section for the Web module that you are enabling an SSL Accelerator.

Each Web module in WebSphere Commerce has a configuration section. For example, the Stores Web module:


<Module contextPath="/webapp/wcs/stores"
		fileServletEnabled="false"
		name="Stores"
		urlMappingPath="/servlet"
		webAlias="/wcsstore">
	<InitParameters adapters="XML/HTTP, 
BrowserAdapter"
		contextSetName="Store"
		handleDoubleClick="true" />
</Module>

Add the following attributes to the InitParameters element:
For example, to use the default ports that WebSphere Commerce configures for the Stores Web module with an SSL Accelerator, configure WebSphere Commerce following this example:
```
<Module contextPath="/webapp/wcs/stores"
		fileServletEnabled="false"
		name="Stores"
		urlMappingPath="/servlet"
		webAlias="/wcsstore">
	<InitParameters adapters="XML/HTTP, 
BrowserAdapter"
		contextSetName="Store"
		handleDoubleClick="true"
		SSLAcceleratorOption="Enabled" 
		inSSLPort="443" 
		inNonSSLPort="80" 
		outSSLPort="443" 
		outNonSSLPort="80" />
</Module>
```
where:

SSLAcceleratorOption

Set the value to "Enabled" to indicate that an SSL Accelerator is used for that Web module.

inSSLPort

The port that is configured for WebSphere Commerce to receive the SSL data. WebSphere Commerce treats any data that is received on this port as SSL data even if the scheme says http. The default is port 443.

inNonSSLPort

The port that is configured for WebSphere Commerce to receive the non-SSL data. WebSphere Commerce treats any data that is received on this port as non-SSL data. The default port is 80.

outSSLPort

The port that WebSphere Commerce uses to send out SSL data on a redirect. The default port is 443.

outNonSSLPort

The port that WebSphere Commerce uses to send out non-SSL data on a redirect. The default port is 80.
Propagate the changes to the WebSphere Commerce configuration file.
Start your WebSphere Commerce instance if it is not already started.
Run the following command:
- WC_installdir/bin/config_ant.sh -DinstanceName=instance_name UpdateEAR
- WC_installdir/bin/config_ant.bat -DinstanceName=instance_name UpdateEAR
Restart your WebSphere Commerce instance.
Disable SSL for those ports that no longer need SSL by editing the Web server configuration.
For example, if you are using an SSL Accelerator for the Stores Web module, disable SSL for port 443. For the IBM HTTP Server, remove the following directives from the host_name:443 VirtualHost:
```
SSLEnable
SSLClientAuth 0
```
Set the Application Server port preference:
1. Open the WebSphere Application Server administrative console.
2. Expand Servers.
3. Click Web Servers.
4. Click webserver1 (or the Web Server that is associated with your WebSphere Commerce application).
5. Click Plug-in properties.
6. Click Request and Response.
7. For the Application server port preference field, select Webserver port
8. Click OK.
9. Save the configuration.
10. Regenerate the Web server plug-in configuration file.
Restart the Web server that WebSphere Commerce is running on.

Optional: If your site uses a starter store, change your store environment setup file to create the proper absolute paths for Ajax links.

Open WebSphere Commerce Developer and switch to the Enterprise Explorer view.
Navigate to the following directory:
- Aurora starter store: WC_eardir/Stores.war/storedir/Common/EnvironmentSetup.jspf
- WCDE_installdir/workspace/Stores/WebContent/storedir/include/JSTLEnvironmentSetup.jspf
Open your store environment setup file for editing.

Located the following commented out code snippet and remove the commenting out characters in the code:

<%
// Add support for possible SSL Accelerator port setup in WC
config file.
// There could be a setup for using different ports for SSL and
nonSSL
// which are not 443 and 80 respectively.
// Uncomment the code below if using SSL Accelerator and want to
read the values from the configuration file.
// Reading from config file can have a negative effect on
performance. A better approach is to just enter the
// port values in this file directly by putting value in
inSSLAcceleratorPort and inNonSSLAcceleratorPort
// variables below.
//WebModuleConfig storeWebModule =
ConfigProperties.singleton().getWebModule(WcsApp.storeWebModuleName);
int inSSLAcceleratorPort = 443;
//if (storeWebModule.getInSSLPort() != null) {
// inSSLAcceleratorPort = new
Integer(storeWebModule.getInSSLPort()).intValue();
//}
int inNonSSLAcceleratorPort = 80;
//if (storeWebModule.getInNonSSLPort() != null) {
// inNonSSLAcceleratorPort = new
Integer(storeWebModule.getInNonSSLPort()).intValue();
//}
request.setAttribute("inSSLAcceleratorPort", inSSLAcceleratorPort);
request.setAttribute("inNonSSLAcceleratorPort",
inNonSSLAcceleratorPort);
%>

Save and close the file.

Optional: Delete all compiled pages from your storefront. Your store JSP files must be recompiled for your changes to appear when a shopper visits your store.
1. Navigate to the following directory:
  - WCDE_installdir/wasprofile/temp/localhost/server1/WC/Stores.war
  - WAS_installdir/profiles/demo/temp/WC_demo_node/server1/WC_demo/Stores.war
2. Delete your entire storedir folder, such as Aurora, and its contents from this directory.

What to do next

After you enable the SSL Accelerator option, you must configure the requests that are being received on port 443. Ensure that the Host HTTP header is updated to include the port number. For example, Host: myhost:443.