Forcing traffic to be sent over SSL

Although HCL Docs supports both http and https protocols, it is best to force https traffic. To force https, you must first configure the HTTP server.

Procedure

  1. Configure HTTP Server.
    1. For IBM HTTP Server, configure it according to the instructions in the technote Rewriting HTTP (port 80) requests to HTTPS (port 443).
    2. If you are using another HTTP server, refer to the appropriate documentation.
  2. Optional: Configure WebSphere server. To force https traffic, set security for WebSphere cookies by completing one of the following procedures:
    • To secure session cookies, complete the following steps:
      1. Log in as administrator to the WebSphere Application Server Integrated Solutions Console of the server hosting HCL Connections.
      2. Select Servers > Application servers.
      3. Select the server hosting HCL Docs, Viewer, and Conversion from the list of server names.
      4. Click Session Management, and then click Enable cookies.
      5. Select the Restrict cookies to HTTPS sessions check box.
      6. Click Apply, and then click OK.
    • To secure LTPA tokens, complete the following steps:
      1. From the WebSphere Application Server Integrated Solutions Console, expand Security, and then click Global security.
      2. Expand Web and SIP security, and then click single sign-on (SSO).
      3. Select the Requires SSL check box.
      4. Click Apply, and then click OK.
  3. Configure HCL Docs, Viewer, and Conversion. If you force https traffic, you must also change the HCL Docs cookies configuration as following:
    1. Log in to the WebSphere Deployment Manager server.
    2. Open <WAS_HOME>/profiles/<DMGR>/config/cells/{cellname}/IBMDocs-config/.
    3. Change http to https in urls of concord-config.json, viewer-config.json, conversion-config.json, docs-daemon-config.json and viewer-daemon-config.json.
    4. Open the WebSphere console and click System administration > Nodes > Select All > Synchronize.
    5. Click Servers > Clusters > WebSphere application server clusters. Select Docs cluster, Viewer cluster and Conversion cluster, and then restart them.
    6. Go to Applications > Application Types > WebSphere enterprise applications. Restart News Application.
  4. Configure CMIS properties. If the environment has CMIS installed, you must check the configuration in <WAS_HOME>/profiles/<AppSrv>/installedApps/{cellname}/fncmis.ear/fncmis.war/WEB-INF/classes/cmis.properties, and change cmisURI=http://hostserver to cmisURI=https://hostserver. And then restart the CMIS application.