| August 30, 2022
HCL Compass - Configuring secure connection on Compass Web with SSL communication
Introduction:
Compass Web client is accessed through a web URL on intranet / internet. Hence it becomes important and necessary to protect your data from threats/risks. To make sure your Compass Web client is secure, it needs to be configured with SSL (Secured Socket Layer) connection. This documentation will walk you through the steps for configuring Compass Web client with SSL communications.
Environment:
HCL Compass version: 2.1.0
IBM HTTP Server (IHS) : 9.0.0.10
IBM WebSphere Application Server (WAS) version: 9.0.0.10
Important Notes:
- IBM HTTP Server is the most popular web server, and IBM WebSphere Application Server (WAS) is the most popular application server, used for Compass Web application. Hence this documentation discusses about using IHS and WAS for configuring SSL connection
- In this documentation we have discussed creating self-signed certificate for configuring SSL connection. If you have security certificates issued by a third-party certification authority, you need to import them
When we install and configure Compass Web client for the first time, the SSL connection is not configured / enabled by default. If we try to access the Compass Web URL on HTTPS port, i.e https://<hostname>/cqweb/ , it throws the following error:
We will now enable SSL connection on Compass Web with the following steps.
Step-1: We need to create server certificate and key database file on the web server. The following screenshots will show how to create server certificate and key database file using IBM HTTP Server Key Management utility (briefly called as IKEYMAN utility) (graphical user interface):
Run Key Management Utility (iKeyMan) as administrator
Click on Key database file > New
Click on OK
It will prompt you for creating a password as mentioned in the below screenshot. Enter the password as per your choice and confirm it and click on OK.
Note: Make sure you remember / note this password for future reference
After clicking on OK, it confirms that the action is completed, as highlighted in below screenshot. The key database file is now created.
We will now create a personal certificate
Select Personal certificates from Key database content frame > click on New self-signed…
Enter key label and click on OK. The common name is usually the hostname where the certificate is being created:
The below screenshot confirms that personal certificate is created:
Note: If you have security certificates issued by third party certificate authority, refer the link no. 2 mentioned at the end of this documentation, to receive the certificate instead of creating self-signed certificate
Step-2: Enable SSL in IHS config file httpd.conf. to do this, we will uncomment necessary lines from line no. 798 to line no. 806 under ibm_ssl_module . Once done, restart I.H.S service for the changes to take effect.
Step-3: Accessing Compass Web server on the server itself:
Access CQWeb URL on HTTPS port i.e https://<hostname>/cqweb/ locally on the Compass Web server, and it should now allow you to logon to Compass Web.
Following screenshot shows Compass Web being accessed on the URL https://localhost/cqweb/:
Step-4: Accessing Compass Web URL outside server:
If you replace <hostname> with the actual hostname or IP address of Compass Web server, the URL can be accessed from outside the Compass Web server as well.
Note: Since we have used self-signed certificate and not the one from a certification authority, the above screen complains about invalid security certificate. The CA certificate should not throw this warning
Reference links:
- Configuring secure connections
- Securing with SSL Communications
https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=environment-securing-ssl-communications - Managing keys with the IKEYMAN graphical interface (Distributed systems)
https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=environment-managing-keys-ikeyman-graphical-interface-distributed-systems - Creating a self-signed certificate
https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=systems-creating-self-signed-certificate - Receiving a signed certificate from a certificate authority
Comment wrap
