Help/Systems
The World's Leader in IBM iSeries Software Solutions

Using Secure Sockets Layer with the Robot Browser Interface

Use these instructions to configure the Robot Browser Interface Portal Server to send and receive information using Secure Sockets Layer (SSL). SSL technology encrypts (encodes) the communication between Web browsers and the Portal Server. This encryption provides security against unwanted access to usernames, passwords, or other sensitive information. If you plan to provide access to the Portal Server via the Internet, we recommend using SSL to communicate with the Portal Server.

Before You Begin

Before you start the process to configure SSL, make sure that the Portal Server is not running.

Tips

If you are using your System i for your Web server and receive the "Page cannot be displayed" error after setting up SSL, try the following:

  1. Ensure your Web server is active by running the PORTSTCFG command from the command line. If it is not running, start the server by running the PORSTARTUP command on your System i. If it is running, move to step 2.
  2. Go to the non-secured URL (http://your address:8008). If this does not display the signon screen, contact Help/Systems.
  3. If it does display the signon screen, the RBI setup is OK and there may be a problem with your Internet options.

When the Web server is the iSeries, SSL uses the TLS protocol. TLS must be enabled in the Internet options of the Web browser you use to access the Robot Browser Interface. Where this setting is located depends on the browser. The error page that the browser displays often lists things to check to make sure the Internet options are correct; follow those instructions to find where TLS is enabled.

If you are using Internet Explorer:

  1. Open Internet Explorer.
  2. Click Tools, and select Internet Options.
  3. Click the Advanced tab and scroll down to the security section.
  4. Scroll down and ensure that the "Use TLS 1.0" box is checked. If not, check that and click Apply.
  5. Close and reopen Internet Explorer.
  6. Type your portal information in the address bar and press Enter. Example: https://192.168.0.123:8443
  7. You may get a window stating you need to accept this certificate. Respond to this dialog and the Robot Browser Interface signon page displays.

Note: When defining SSL on a Windows machine, this didn't seem to be a problem. The Windows and UNIX environments use SSL differently.

Configuring SSL

  1. Go to the directory where the Portal Server is installed.
  2. Locate the directory where Java 1.4 is installed on your server (see the table). In this directory, locate the subdirectory called bin and the executable file called keytool.

     Environment  Location
     iSeries      /QIBM/ProdData/Java400/jdk14/bin/keytool
     Windows      \Program Files\Help Systems\Common Java\jvm\bin\keytool
     UNIX         Talk to your UNIX Administrator. Or, view the startPortal.sh file to determine the location for JAVA_HOME.

  3. Enter the full keytool command for your environment (see the table).

     Environment  Command
     iSeries      /QIBM/ProdData/Java400/jdk14/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore keys
     Windows      "\Program Files\Help Systems\Common Java\jvm\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore keys
     UNIX         /JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore keys

     Where: JAVA_HOME is the directory where Java 1.4 is installed.

  4. When prompted for a password, enter a password and remember it.
  5. Enter your company’s information and location at the various prompts (for a sample, see the table below). When you are finished, a file called keys should exist in the current directory.

     Prompt                                                        Response
     Enter keystore password:                                      My Password
     What is your first and last name? [Unknown]:                  First Name Last Name
     What is the name of your organizational unit? [Unknown]:      Information Technology
     What is the name of your organization? [Unknown]:             ACME Company
     What is the name of your City or Locality? [Unknown]:         Anytown
     What is the name of your State or Province? [Unknown]:        MN
     What is the two-letter country code for this unit? [Unknown]: US
     Is CN=First Name Last Name, OU=Information Technology,
     O=ACME Company, L=Anytown, ST=MN, C=US correct? [no]:         yes
     Enter key password for <tomcat>
     [Return if the same as the keystore password]:                Press Return

  6. Open and edit the file server.xml. This file’s location depends on the directory where the Portal Server is installed (see the table below).

     Environment  Location
     iSeries      /helpsystems/portal/conf/server.xml
     Windows      \Program Files\Robot Browser Interface\conf\server.xml
     UNIX         /opt/helpsystems/conf/server.xml*

     * On UNIX systems, this is the usual location for the file. If the server.xml file is not located here and you cannot locate it, contact your UNIX Administrator.

  7. In the Connector block, set the redirectPort value to 8443.

     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="80" minProcessors="5" maxProcessors="20"
                enableLookups="false" redirectPort="8443"
                acceptCount="5" debug="0" connectionTimeout="5000"
                useURIValidationHack="false" disableUploadTimeout="true"/>

  8. Add a second Connector block (shown below) and specify the port value and password. Specify the port number as 8443 to match the value of the redirectPort, and change the value of the keys file password (keystorePass=anyPassword) to the password you entered in step 4 when you ran the keytool program:

     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8443" minProcessors="5" maxProcessors="20"
                enableLookups="false" scheme="https" secure="true"
                acceptCount="5" debug="0" connectionTimeout="8000"
                useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                clientAuth="false" protocol="TLS"
                keystoreFile="keys" keystorePass="My Password"/>
     </Connector>

  9. Save your changes and exit the server.xml file.
  10. Start the Portal Server and try connecting to the Portal using the following URL:

      https://someserver:8443

      Where someserver is the name or IP address of your Portal Server.

      Note: The URL must start with https, not http.

  11. When you connect to the Portal Server for the first time, your Web browser should display a site certificate dialog (see the examples). Click Yes or Ok to display the Portal Login Page.

      Note: Some versions of Netscape may ask a second question. Click Yes or Ok.
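A check you can run against server.xml before restarting the Portal Server (an added example, not Help/Systems code): it confirms that the file still parses, that the redirectPort points at an https Connector, and that the https Connector carries the TLS Factory settings from the steps above. The function name check_ssl_connectors, the <Service> wrapper and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def check_ssl_connectors(server_xml_text):
    """Return a list of problems in the Connector blocks of a server.xml."""
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as err:
        # Typical causes: curly quotes pasted from a formatted page, or
        # two attributes run together (scheme="https"secure="true").
        return [f"not well-formed XML: {err}"]
    problems = []
    connectors = list(root.iter("Connector"))
    https = [c for c in connectors if c.get("scheme") == "https"]
    https_ports = {c.get("port") for c in https}
    if not https:
        problems.append("no Connector with scheme=https")
    for c in connectors:
        port = c.get("port")
        if c in https:
            if c.get("secure") != "true":
                problems.append(f"port {port}: secure is not true")
            factory = c.find("Factory")
            if factory is None:
                problems.append(f"port {port}: no Factory element")
                continue
            if factory.get("protocol") != "TLS":
                problems.append(f"port {port}: Factory protocol is not TLS")
            for attr in ("keystoreFile", "keystorePass"):
                if not factory.get(attr):
                    problems.append(f"port {port}: Factory {attr} is missing")
        elif c.get("redirectPort") not in https_ports:
            problems.append(f"port {port}: redirectPort {c.get('redirectPort')} "
                            "has no matching https Connector")
    return problems

# Constructed sample: the two Connector blocks, trimmed, in a <Service> wrapper.
GOOD = """<Service>
  <Connector port="80" redirectPort="8443"/>
  <Connector port="8443" scheme="https" secure="true">
    <Factory clientAuth="false" protocol="TLS"
             keystoreFile="keys" keystorePass="My Password"/>
  </Connector>
</Service>"""
# Constructed failure cases: mismatched ports, and curly quotes left in.
MISMATCH = GOOD.replace('port="8443"', 'port="8444"')
CURLY = GOOD.replace('"', "\u201d")
if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISMATCH", MISMATCH), ("CURLY", CURLY)):
        print(name, check_ssl_connectors(text) or "ok")
```

Because keystorePass is stored in clear text, limit read access on server.xml and the keys file to the account that runs the Portal Server.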

Example Certificate Dialog for Internet Explorer 6.0

 

Example Certificate Dialog for Netscape Navigator 6.0

 

Updated 11/12/2010