WEB | Converting p12 to kdb files using gskcmd

Converting p12 to kdb files using gskcmd Test Environment -Test Version : IBM HTTPServer v9.x Key file conversion 1. pem to p12 # openssl pkcs12 -export -inkey Wildcard.test.co.kr_pem.key -in Wildcard.cardif.co.kr_pem.pem -out Wildcard.test.co.kr.p12 2. p12 to kdb You can invoke the gskcapicmd from the install_root/bin directory Converting key file # ./gskcapicmd -cert -export -target key.kdb...

SSL | WebSphere TLS Clearing issues

WebSphere TLS Clearing issues Is TLS v1.2 supported in WebSphere Full Profile 7.0, 8.0, 8.5? What's minimum fix pack? Answer: TLsv1.2 Suppport on V7.0.0.23 on wards TLsv1.2 Support on 8.0.0.3 onwards and 8.5.0.0. TLS v1.2 supported in WebSphere with following JDK version. 7.0.0.23 comes JDK version as follows and TLSv1.2 supported SDK 6 (32-bit) pap3260sr10fp1-20120321_01(SR10 FP1) (64-bit) pap6460sr10fp1-20120321_01(SR10...

WAS | WebSphere v9.0.5.1 Basic install guide

WebSphere v9.0.5.1 Basic install guide OS : CentOS 7 3.10.0-957.el7.x86_64 IM imcl install tip. Check the package name simply {img_file}/Offerings IM install ./imcl install com.ibm.cic.agent -repositories "/sw/img/im/repository.config" -installationDirectory "/sw/IBM/InstallationManager/eclipse" -sharedResourcesDirectory "/sw/IBM/IMShared" -acceptLicense -sP In this guide, use the existing Installation...

WAS | How to disable server name header

WebSphere - How to disable server name header Test Version Test OS : CentOS 7.2 Test WAS : WebSphere v8.5 X-Powered-By disable setting 보안 취약점 사항 IBM HTTPServer (apache) This can be mitigated by adding (httpd.conf): AddServerHeader Off ServerTokens Prod ServerSignature Off WebSphere v8.5.0.2...

SSL Cipher setting

cipher SSL Cipher settingTest EnvironmentTest OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5 Cipher settingApply the following command to the httpd.conf file.LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 443 NameVirtualHost *:443 <VirtualHost *:443> DocumentRoot...

Set Non-Domain Access Processing

Set Non-Domain Access Processing Set Non-Domain Access ProcessingTest EnvironmentTest OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5 apache httpd.conf settingtip You can set it up on the web server of the Apache class.Forward to the virtual host that is error-handling for non-domain specified. The point is not to give a serverName value to a dummy virtual host.Listen 80 Listen...

IBM HTTPServer - SSL Ciphers Check

How to check which ciphers are applied when using SSLTest Environment Test OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5.0.0 Methods for checking ciphers for SSL set in web serverCheck Options : [root@testServer11 bin]# ./apachectl -h Usage: /SW/web/HTTPServer/bin/httpd [-D name] [-d directory] [-f file] [-C "directive"] [-c "directive"] ...

IBM HTTPServer - HTTP 메소드 차단

WebServer 메소드 차단 WebServer 메소드 차단 방법Test OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5 IBM HTTPServer 에서 보안상의 이유로 HTTP 메소드 차단 요청이 들어와 테스트한 내용 정리.IHS의 경우 apache 기반이기 때문에 해당 설정은 apache에서도 같이 적용이 가능. httpd.conf 파일 수정#GET, POST를 제외한 메소드 제한 <Directory /> Options FollowSymLinks AllowOverride None <LimitExcept GET POST> Order allow,deny Deny from all </LimitExcept> </Directory> 보통...

IBM HTTPServer version info

IHS v8.5, v9.0 apache version Info PS E:\app\was\HTTPServer\bin> .\apache.exe -V Server version: IBM_HTTP_Server/8.5.5.0 (Win32) Apache version: 2.2.8 (with additional fixes) Server built:   Feb 20 2013 13:50:05 Build level:    IHS90/webIHS1307.02 Server's Module Magic Number: 20051115:21 Server loaded:  APR 1.2.12, APR-Util 1.2.12 Compiled using: APR 1.2.12,...

IBM HTTPServer rotatelogs log setting

로테이션 HTTPServer 로그 로테이션 설정Test EnvironmentTest OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5 (apache) 아파치 로그 설정(로테이션 설정) 위치 : /IBM/HTTPServer/conf 수정 : httpd.conf # ErrorLog logs/error_log ErrorLog "|/IBM/HTTPServer/bin/rotatelogs /IBM/HTTPServer/logs/error_%Y%m%d.log 86400" # CustomLog logs/access_log common CustomLog "|/IBM/HTTPServer/bin/rotatelogs /IBM/HTTPServer/logs/access_%Y%m%d.log...

SSL setting

ssl setting SSL SettingTest OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5, WebSphere v8.5 httpd.conf 수정 부분 위치 : F:\IBM\HTTPServer\conf 파일 : \httpd.conf 수정 : SSL 설정 부분의 주석 해제 ### SSL Module Start ### NameVirtualHost 211.1.1.1:80 NameVirtualHost 211.1.1.1:443 LoadModule ibm_ssl_module modules/mod_ibm_ssl.so Listen 443 <VirtualHost ad1.test.com:80> # ServerAdmin webmaster@dummy-host.example.com ...

WebSphere WEB - WAS 동적, 정적 컨텐츠 구분

web,wasfile WEB - WAS 동적 & 정적 구분Test EnvironmentTest OS : CentOS 7.2 Test Version : IBM HTTPServer v8.5, WebSphere v.85 WebSphere에서 컨텐츠 구분을 위해 작업해줘야 하는 사항사실 별다른 설정없이 Plugin에 Uri 패턴설정만 해줘도 상관은 없다.Plugin-cfg.xml 파일을 커스트마이징해서 전체 request에 대한 Uri 매핑을 만들게 되면 당연히 WebServer에서는 모든 request를 WAS로 전달 위치 : F:\IBM\HTTPServer\Plugins 수정 : Plugin-cfg.xml 수정 부분 <UriGroup Name="default_host_server1_root-PCNode01_Cluster_URIs"> ...

pluginMerge tool 이용한 plugin Merge 방법

pluginMerge tool 이용한 plugin Merge 방법 install_root/bin/pluginMerge.sh plugin_configuration_file1 plugin_configuration_file2 resulting_plugin_configuration_file install_root/bin/pluginCfgMerge.sh plugin_configuration_file1 plugin_configuration_file2 resulting_plugin_configuration_file install_root\bin\pluginMerge.bat...

Plugin 의 key 파일 관련 이슈

For IBM HTTP Server Versions 6.0 or 6.1, issue the gsk7capicmd command to determine if the password being used on your system expires on April 26, 2012. This command is located in your [gsk_root]/bin directory.gsk7capicmd -keydb -expiry -db "C:\temp\plugin-key.kdb" -pw WebAS The resulting output indicates the expiration date for the password: For example, the following output indicates that the...