Steps to make LANSA web server on I use SSL?

[atostaine]

We have the Apache server running on IBM i V7R5. Does anyone have the steps required to make the server use our system SSL certificate? I realize that probably all the steps are IBM configurations but I'm wondering how that affects our LANSA jobs? None of our lansa web sites are on port 80/443.

[adale]

Art,
Here is a link to the IBM DCM faq, which is where I start when working with SSL certs:
https://www.ibm.com/support/pages/node/6607872

Our VL lansa applications are running in the HTTP web server on the standard port 443, but I believe you can set up your virtual hosts in the httpd.conf config to use what ever port you want. We are on v7.4, but I assume v7.5 would be the same.

And if you are utilizing the Web Services (serving REST-API's), this was helpful:
https://www.ibm.com/support/pages/node/685355

[atostaine]

Thanks for the reply. I've done other web server instances on the IBM i, but never a LANSA instance. There's nothing to change on the LANSA side?

Art

[caseywhite]

Art,

Only additional step in LANSA is to use the Web Administrator and create a new entry under Maintain Systems for the SSL port (e.g. 443) that you are using. You probably only have the HTTP port set up right now.

[René Houba]

You will have to extend the HTTP configuration file with something like this (can be done by filling settings in the web IBM environment when activating SSL):

LANSA and SSL (1).JPG (29.43 KiB) Viewed 37250 times

Using the LANSA Web Administrator add a system for port 443 (or another port of course):

LANSA and SSL (2).JPG (43.86 KiB) Viewed 37250 times

And select SSL for the system:

LANSA and SSL (3).JPG (56.7 KiB) Viewed 37250 times

[atostaine]

Thanks again. I'll probably try this weekend.

Art

[adale]

I looked in one of my httpd.conf files which has been active for quite some time (started with WAMS on V13, and now V15, with both WAMS and VL web running), so some of these lines may no longer apply, but you may want to review for current relevance. I haven't dug into this in a while, so someone with more expertise might have more input on these config lines as well.
Inside the Virtual host for the HTTPS segment, I did not see anything related to Lansa specific.

In the Container Management, Directory for the Lansa COMLIB
88 # NEXT 2 LINES NEED FOR V13SP2
89 CGIConvMode BINARY
90 DefaultNetCCSID 1208


In the URL mapping, Aliases
127 ScriptAliasMatch ^/cgi-bin/lansaweb(.*) /qsys.lib/dcxcomlib.lib/lansaweb.pgm$1
128 ScriptAliasMatch ^/cgi-bin/jsmdirect(.*) /QSYS.LIB/DCXJSMLIB.LIB/JSMDIRECT.PGM$1
129 ScriptAliasMatch ^/cgi-bin/jsmproxy(.*) /QSYS.LIB/DCXJSMLIB.LIB/JSMPROXY.PGM$1
130 ScriptAliasMatch ^/cgi-bin/jsmadmin(.*) /QSYS.LIB/DCXJSMLIB.LIB/JSMADMIN.PGM$1
131 ScriptAliasMatch ^/dcxpgmlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/LANSAWEB.PGM$1
132 ScriptAlias /cgi-bin/ /qsys.lib/dcxcomlib.lib/
133 #
134 LoadModule vlweb_module /QSYS.LIB/DCXCOMLIB.LIB/MOD_VLWEB.SRVPGM