IHS Errors or WHY Won’t Connections SSL Work

It happens.  Usually when I’m building a test server on a single box and i’m building in a hurry.  I get everything configured and installed and take a brief stopover at IHS configuration on my way to completing security setup.   I create my keyfile using ikeyman, I import my trusted root certificates from whichever CA I plan to use and I generate a personal certificate.  I think it’s all working fine then I restart IHS and one of two things happen

1. IHS starts but only for 80 not 443

2. IHS starts on both 80 and 443 but I get an error 500 trying to access any Connections page over SSL

The logging on the 2nd error isn’t terribly useful and it’s tempting to run around checking the module mappings and LotusConnections-Config.xml for the source of the problem.  For some reason, even though I’ve seen each of these lots of times, my brain insists on starting at the beginning with debugging and looking at the logs.  So this blog is for you brain - next time just come here and check this first

1. The solution is often that the keyfile either isn’t where I told httpd.conf it was OR where the plugin-cfg.xml is looking for it.  Take time to go check the plugin configuration under your webserver in the ISC and make sure the name and location are what you think they are.  Then go and actually make sure they are there

2. A handshaking error caused by either the signer certificates used by the application servers not being imported into the keyfile OR (and this one drives me batty) installing everything on one box with the same hostname for the WebSphere servers as the IHS server.  In the 2nd instance you can’t have two totally different certificates both claiming to be the same hostname trying to talk to each other.  I export the certificate from WAS trusted key store and import it into ikeyman (or import into WAS and map each of the servers).

In general when I’m configuring IHS it’s always down to a file not being where I told httpd.conf it was.

Here are my rewrite and plugin lines for 64bit IHS on this particular Linux box

LoadModule was_ap22_module “/opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so”

WebSpherePluginConfig “/opt/IBM/HTTPServer/Plugins/config/webserver1/plugin-cfg.xml”

RewriteEngine On RewriteRule ^/$ https://<hostname>/homepage [R,L]

Update: I should have linked to this document which I found in the past and is always useful. Troubleshooting IHS