Enabling remote access to your servers

The portal site management publish feature requires at least two portal systems: a source system, where you create new pages that you need to publish, and a target system, where you make the new pages visible to portal users. For the source and target servers, you can use two different portal environments, including virtual portals on the same or different environments. In order to display the contents of the systems in the Resource Manager portlet, make sure that they are configured properly. By default, the portal server is pre-configured to allow remote access. However, more complex production and security configurations may disable this access. If any of the servers are enabled for Secure Socket Layer (SSL), you must perform additional steps on the server where you will manage your site.

If you have a portal cluster, you need to run the enable-http-basic-auth-tai-sitemgmt task before you start managing your site.
A WebSphere Application Server Trust Association Interceptor (TAI) is used to authorize access to the servers. If you have determined that the TAI is not enabled in the WebSphere Application Server administrative console, run the task enable-http-basic-auth-tai-sitemgmt, as described in the following.
Note: Individual virtual portals on a single portal server do not require the enable-http-basic-auth-tai-sitemgmt task to be run more than once on the same server.
  1. Open a command prompt and change to the directory where WebSphere Portal ConfigEngine is installed, on the corresponding operating system:
  2. Enter the following command:
    • UNIX: ConfigEngine.sh enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
    • i5/OS: ConfigEngine.sh enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
    • Windows: ConfigEngine.bat enable-http-basic-auth-tai-sitemgmt -DPortalAdminPwd=password -DWasPassword=password
    Use -DPortalAdminPwd=password -DWasPassword=password to specify the portal and WebSphere Application Server passwords.
    Note: This task uses the settings in the file wkplc_comp.properties to configure the TAI. Although the TAI settings are pre-configured to work without requiring adjustment, you can change the settings before running the task if you need to configure the TAI differently.
  3. Optional: Choose the appropriate steps to perform on the server where you will manage your site to access any SSL servers:
    Note: These steps are only required if your server is configured for SSL (https://) and your certificate is not from a trusted Certificate Authority; for example, self-signed certificates.
    Option Description
    UNIX Perform the following steps to access SSL servers:
    1. Go to the AppServer_root/bin directory and open the ikeyman.sh file.
    2. Select Key Database File > Open.
    3. Click the Browse button.
    4. Change to the AppServer_root/java/jre/lib/security directory.
    5. Change Files of Type to All Files.
    6. Select the cacerts file and then click Open.
    7. Click OK.
    8. Enter the password for your cacerts file in the Password field. By default the password is changeit.
    9. Click Add.
    10. Enter the following information on the Add CA's Certificate from a File screen:
      • Select one of the following Data Types:
        • Base64-encoded ASCII
        • Binary DER data
      • Select the Certificate file name or click Browse to locate the file.
      • Enter the Location of the certificate file.
    11. Click OK.
    12. Stop and restart the WebSphere Portal.
    Windows Perform the following steps to access SSL servers:
    1. Go to the AppServer_root\bin directory and open the ikeyman.bat file.
    2. Select Key Database File > Open.
    3. Click the Browse button.
    4. Change to the AppServer_root\java\jre\lib\security directory.
    5. Change Files of Type to All Files.
    6. Select the cacerts file and then click Open.
    7. Click OK.
    8. Enter the password for your cacerts file in the Password field. By default the password is changeit.
    9. Click Add.
    10. Enter the following information on the Add CA's Certificate from a File screen:
      • Select one of the following Data Types:
        • Base64-encoded ASCII
        • Binary DER data
      • Select the Certificate file name or click Browse to locate the file.
      • Enter the Location of the certificate file.
    11. Click OK.
    12. Stop and restart the WebSphere Portal.
    i5/OS Perform the following steps to access SSL servers:
    1. Map a drive from a Windows machine, where the WebSphere Application Server plug-ins are installed, to the i5/OS file system.
    2. Make a backup copy of the cacerts files located in the i5/OS directory: QIBM/ProdData/Java400/jdk15/lib/security.
    3. Go to the AppServer_root/bin directory and open the ikeyman.bat file.
    4. Select Key Database File > Open.
    5. Click the Browse button.
    6. Change to the AppServer_root/java/jre/lib/security directory.
    7. Change Files of Type to All Files.
    8. Select the cacerts file and then click Open.
    9. Click OK.
    10. Enter the password for your cacerts file in the Password field. By default the password is changeit.
    11. Click Add.
    12. Enter the following information on the Add CA's Certificate from a File screen:
      • Select one of the following Data Types:
        • Base64-encoded ASCII
        • Binary DER data
      • Select the Certificate file name or click Browse to locate the file.
      • Enter the Location of the certificate file.
    13. Click OK.
    14. Stop and restart the WebSphere Portal.