Securing Maximo with SSL

What is SSL?

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client – typically a web server (website) and a browser. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. HTTPS (Hypertext Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

 

When to use SSL?

SSL is highly recommended on a publicly facing implementation of Maximo. HTTP is insecure and is subject to eavesdropping attacks because the data being transferred from the web browser to the web server, or between other endpoints, is transmitted in plaintext. This means attackers can intercept and view sensitive data, such as account logins. When data is sent or posted through a browser using HTTPS, SSL ensures that such information is encrypted and secure from interception.

In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information.

 

Types of Certificates

There are two types of certificates that can be used.

  • Self-signed Certificates
    1. Certificates generated by your own organization with a key generator tool (e.g. IBM iKeyman utility)
    2. Acceptable for use in Maximo Development environments or intranet sites
  • Certificate Authority (CA) signed certificates
    1. Certificates issued by a trusted third party (e.g. GoDaddy)
    2. Suited for Production environments or public internet sites

 

Example: Integrating a self-signed certificate with Maximo

  1. Open the IBM Key Management Tool (iKeyman) and create a new database key file
    1. Set a password for it and check Stash password to a file
    2. Click OK


  2. Click New Self-Signed…
    1. Specify the Key Label, Version, Key Size, Signature Algorithm, and Validity Period. All other fields are optional. Then click OK to generate the certificate.
    2. Exit the iKeyman tool

  3. Open the \IBM\HTTPServer\conf\httpd.conf file with an editor
    1. Scroll down to the example SSL configuration section and add the entries as shown below:
      [Screenshot: Maximo HTTP Server httpd.conf file]
    2. Optional but recommended – enable SSL redirect so all HTTP traffic will be redirected to HTTPS. Search for mod_rewrite, uncomment it and add the lines below:
      [Screenshot: Enable SSL redirect]
  4. Restart the IBM HTTP Server. You can do this within WebSphere (Servers > Server Types > Web servers) or in the Windows Services menu under IBM HTTP Server v8.5
  5. Open a browser and test by accessing the web server homepage (https://<hostname>/)
  6. Log into WebSphere to update your Virtual Host to include Host Aliases with ports 443 and 9443. Then go to the web server, generate and propagate the plug-in. Then restart the web server.
  7. Start up your WebSphere application server (MXServer)
  8. Open a browser and test by accessing the Maximo homepage (https://<hostname>/maximo)
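
The httpd.conf entries for the SSL and redirect steps were published as screenshots, so here is an added example of a typical IBM HTTP Server SSL stanza with the HTTP-to-HTTPS redirect; it is not the author's own configuration. The key file path and the certificate label are placeholders (assumptions) for the values you chose in iKeyman.

```apache
# Added example, not taken from the original post.
# Placeholders in <angle brackets> are assumptions: substitute your own values.

# Load the IBM SSL module (IHS uses mod_ibm_ssl, not mod_ssl)
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

# Accept HTTPS connections on the standard port
Listen 443
<VirtualHost *:443>
    SSLEnable
    # Use the self-signed certificate by the Key Label set in iKeyman
    SSLServerCert <key-label>
    # Refuse the obsolete SSL protocol versions
    SSLProtocolDisable SSLv2 SSLv3
</VirtualHost>

# Key database created in iKeyman; the stashed password file (.sth)
# must sit beside it so the server can open it at startup
KeyFile "<drive>:/IBM/HTTPServer/<key-database>.kdb"

# Keep SSL off for everything outside the virtual host above
SSLDisable

# Optional but recommended: send all plain-HTTP requests to HTTPS
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
```

After the restart, a request to http://<hostname>/maximo should come back as a redirect to the https:// URL, and the browser will show a trust warning because the certificate is self-signed.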

Author: Bennet Tan, Senior Consultant at Ontracks

Bennet is a senior consultant at Ontracks. With over 7 years of IT administration and 8 years of Maximo consulting experience, his primary focus lies in providing client-based Maximo software consulting and support services.

He is an IBM Maximo 7.6 Certified Advanced Deployment Professional and an advocate of utilizing proper Asset Management to streamline business processes to deliver the best user experience possible.

 
