Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client – typically a web server (website) and a browser. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. HTTPS (Hypertext Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.
SSL is highly recommended on a publicly facing implementation of Maximo. HTTP is insecure and subject to eavesdropping attacks because the data transferred from the web browser to the web server, or between other endpoints, is transmitted in plaintext. This means attackers can intercept and view sensitive data, such as account logins. When data is sent or posted through a browser using HTTPS, SSL ensures that such information is encrypted and secure from interception.
In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information.
Types of Certificates
There are two types of certificates that can be used:
- Self-signed certificates
  - Certificates generated by your own organization with a key generator tool (e.g. the IBM iKeyman utility)
  - Acceptable for use in Maximo development environments or intranet sites
- Certificate Authority (CA) signed certificates
  - Certificates issued by a trusted third party (e.g. GoDaddy)
  - Suited for production environments or public internet sites
Example: Integrating a self-signed certificate with Maximo
- Open the IBM Key Management Tool (iKeyman) and create a new database key file
- Set a password for it and check Stash password to a file
- Click OK
- Click New Self-Signed…
- Specify the Key Label, Version, Key Size, Signature Algorithm, and Validity Period. All other fields are optional. Then click OK to generate the certificate
- Exit the iKeyman tool
- Open the \IBM\HTTPServer\conf\httpd.conf file with an editor
- Restart the IBM HTTP Server. You can do this within WebSphere (Servers > Server Types > Web servers) or in the Windows Services menu under IBM HTTP Server v8.5
- Open a browser, test by accessing the web server homepage (https://<hostname>/)
- Log into WebSphere and update your Virtual Host to include Host Aliases with ports 443 and 9443. Then go to the web server, generate and propagate the plug-in, and restart the web server.
- Start up your WebSphere application server (MXServer)
- Open a browser, test by accessing the Maximo homepage (https://<hostname>/maximo)
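The httpd.conf step above does not list the directives that enable SSL. As an added example (not from the original article or from IBM), this Python check parses an httpd.conf and reports which of IBM HTTP Server's SSL directives are missing before you restart the server. The sample configuration and the key.kdb path in it are constructed assumptions.

```python
import re

# Constructed sample stanza, not taken from the article.
# The KeyFile path is an assumed location for the iKeyman key database.
SAMPLE_CONF = '''\
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
    SSLEnable
</VirtualHost>
KeyFile "C:/IBM/HTTPServer/key.kdb"
SSLDisable
'''

def parse_conf(text):
    """Return (scope, directive, args); scope is None or the VirtualHost address."""
    scope, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and commented-out lines
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            scope = m.group(1).strip()
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            scope = None
            continue
        parts = line.split(None, 1)
        out.append((scope, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return out

def audit_ssl(text, port="443"):
    """Return a list of findings; an empty list means the SSL stanza is complete."""
    d = parse_conf(text)
    glob = [(n, a) for s, n, a in d if s is None]
    findings = []
    if not any(n == "loadmodule" and a.split()[:1] == ["ibm_ssl_module"] for n, a in glob):
        findings.append("ibm_ssl_module is not loaded")
    if not any(n == "listen" and a.split(":")[-1] == port for n, a in glob):
        findings.append(f"no Listen directive for port {port}")
    if not any(n == "sslenable" and s and s.endswith(":" + port) for s, n, a in d):
        findings.append(f"no VirtualHost on port {port} with SSLEnable")
    if not any(n == "keyfile" and a.strip('"').lower().endswith(".kdb") for s, n, a in d):
        findings.append("no KeyFile pointing at a .kdb key database")
    return findings

if __name__ == "__main__":
    print(audit_ssl(SAMPLE_CONF) or "SSL directives present")
```

To check a real server, pass the contents of your own httpd.conf to `audit_ssl()`.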