IBM Connections 4.

5 install
I downloaded the following files prior to installing:
IBM Connections for Intranet and Extranet V4.5 for AIX, Windows, Linux, IBMi
Multilingual eAssembly (CRM1CML)
IBM Connections V4.5 for Windows Multilingual (CIHC5ML)
IBM Connections V4.5 Wizard for Windows Multilingual (CIHC8ML)
IBM DB2 and Tivoli for IBM Connections for Intranet and Extranet V4.5 for
Multiplatforms Multilingual eAssembly (CRM1DML)
IBM DB2 Enterprise Server Edition V10.1 for Windows on AMD64 and
EM64T systems (x64) Multilingual (CI6WEML)
IBM Data Server Client V10.1 for Windows on AMD64 and Intel EM64T
systems (x64) Multilingual (CI6V8ML)
IBM Tivoli Directory Integrator Identity Edition V7.1 for Windows x86-64,
Multilingual (CZ9MKML)
IBM WebSphere Application Server V8.0 for IBM Connections for Intranet and Extranet
V4.5 for Multiplatforms Multilingual eAssembly (CRM1EML)
IBM WebSphere Application Server Network Deployment V8.0 (1 of 4) for
Multiplatform, Multilingual IMPORTANT: All parts of this image (CZM9KML,
CZM9LML CZM9MML and CZVG4ML) must be extracted into the same
directory to create a local repository (CZM9KML)
IBM WebSphere Application Server Network Deployment V8.0 (2 of 4) for
Multiplatform, Multilingual IMPORTANT: All parts of this image (CZM9KML,
CZM9LML CZM9MML and CZVG4ML) must be extracted into the same
directory to create a local repository (CZM9LML)
IBM WebSphere Application Server Network Deployment V8.0 (3 of 4) for
Multiplatform, Multilingual IMPORTANT: All parts of this image (CZM9KML,
CZM9LML CZM9MML and CZVG4ML) must be extracted into the same
directory to create a local repository (CZM9MML)
IBM WebSphere Application Server Network Deployment V8.0 (4 of 4) for
Multiplatform, Multilingual IMPORTANT: All parts of this image (CZM9KML,
CZM9LML CZM9MML and CZVG4ML) must be extracted into the same
directory to create a local repository (CZVG4ML)

IBM WebSphere Application Server V8.0 Supplements (1 of 4) for Multiplatform

Multilingual IMPORTANT: All parts of this image (CZM91ML, CZM94ML,
CZM95ML and CZXR9ML) must be extracted into the same directory to create a
local repository (CZM91ML)
IBM WebSphere Application Server V8.0 Supplements (2 of 4) for Multiplatform
Multilingual IMPORTANT: All parts of this image (CZM91ML, CZM94ML,
CZM95ML and CZXR9ML) must be extracted into the same directory to create a
local repository (CZM94ML)

IBM WebSphere Application Server V8.0 Supplements (3 of 4) for Multiplatform

Multilingual IMPORTANT: All parts of this image (CZM91ML, CZM94ML,
CZM95ML and CZXR9ML) must be extracted into the same directory to create a
local repository (CZM95ML)
IBM WebSphere Application Server V8.0 Supplements (4 of 4) for Multiplatform
Multilingual IMPORTANT: All parts of this image (CZM91ML, CZM94ML,
CZM95ML and CZXR9ML) must be extracted into the same directory to create a
local repository (CZXR9ML)

IBM Connections Content Manager V4.5 AIX, Windows, Linux Multilingual eAssembly
(CRLS4ML)
IBM FileNet Content Platform Engine V5.2 Windows Multilingual (CIG8XML)
IBM FileNet Content Platform Engine Client V5.2 Windows English (CIG9FEN)
IBM FileNet Collaboration Services V2.0 Windows Multilingual (CIG7ZML)
Post Install Fixes
NOTE: These are what I downloaded on 02 April 2013. Check the following location
for the latest supported releases:
http://www-01.ibm.com/support/docview.wss?uid=swg27037782
WebSphere Application Server, IBM HTTP Server and plug-ins 8.0 fixpack 5
http://www-01.ibm.com/support/docview.wss?uid=swg24033754

Required ifixes
PM62615 - http://www933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Web
Sphere&product=ibm/WebSphere/WebSphere+Application+Serve
r&release=8.0.0.5&platform=All&function=aparId&apars=PM626
15&source=fc
PM71430 - http://www933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Web
Sphere&product=ibm/WebSphere/WebSphere+Application+Serve
r&release=8.0.0.5&platform=All&function=aparId&apars=PM714
30&source=fc

TDI 7. 1 - fixpack 6

TDI 7.1 fp6 - http://www933.ibm.com/support/fixcentral/swg/quickorder?parent=Security+Systems

&product=ibm/Tivoli/Tivoli+Directory+Integrator&release=All&platform
=All&function=fixId&fixids=7.1.0-TIV-TDIFP0006&includeSupersedes=0&source=fc
DB2 10.1 - No fixpacks needed
These were the steps I followed to install IBM Connections 4.5. Everything was installed
on a single server.
IBM Connections 4.5 install ............................................................................................... 1
1. Install WebSphere 8.0.0.5 ........................................................................................... 5
1.1. Install IBM Install Manager ................................................................................. 5
1.2. Install WAS Cell .................................................................................................. 9
1.3. Create the WebSphere Application Server cell .................................................. 23
2. Enable security with LDAP ...................................................................................... 31
2.1. Start the DMGR, nodeagent and node1s server1 .............................................. 31
2.2. Enable security with an LDAP Directory .......................................................... 32
3. Install DB2 10.1 ........................................................................................................ 43
3.1. Install DB2 10.1 Enterprise Server .................................................................... 43
4. Create the Connections Databases ............................................................................ 53
4.1. Create the dedicated db2 user............................................................................. 53
4.2. Create Connections databases with wizard ........................................................ 56
5. Install and populate Tivoli Directory Integrator 7.1 ................................................. 63
5.1. Install Tivoli Directory Integrator 7.1 ................................................................ 63
5.2. Install fixpack 6 .................................................................................................. 74
5.3. Configure TDI .................................................................................................... 75
6. Populate the profiles database using wizard ............................................................. 75
6.1. Copy tdisol directory to keep profiles and ldap in sync ..................................... 86
7. Install IBM Connections 4.5 ..................................................................................... 86
7.1. Set the JVM heap size ...................................................................................... 106
7.2. Start IBM Connections ..................................................................................... 108
8. Install and Configure IBM HTTP Server 8.0.0.5.................................................... 110
8.1. Install IBM HTTP Server 8.0 ........................................................................... 110
8.2. Register IHS with the Plug-in .......................................................................... 121
8.3. Configure WebSphere to use IBM HTTP Server............................................. 122
8.4. Configure SSL on IHS ..................................................................................... 128
8.4.1. Create the SSL key file for IHS ................................................................ 129
8.4.2. Configure httpd.conf to listen over ssl ...................................................... 133
8.4.3. Add the plug-in key file certificate to the HTTP server key file .............. 134
8.4.4. Add the WAS Web Container certificate to the plug-in key file .............. 139
8.4.5. Add the HTTP Server certificate to WebSphere trust store ...................... 147
8.5. Configure Connections to work with HTTP Server ......................................... 152
8.6. Configure HTTP Server to compress some files .............................................. 154
8.7. Configure Files and Wikis to download files ................................................... 155
9. Configure an administrator user for homepage ...................................................... 155

10.
Configure IBM Connections Content Manager Libraries ................................... 155
10.1.
Update the transaction time .......................................................................... 155
10.2.
Create Filenet domain, GCD, Object Store and AddOns ............................. 157
10.3.
Generate the SID value ................................................................................. 160
10.4.
Configure Filenet to be Activity Stream producer ....................................... 161
10.5.
Setting up anonymous access for a new FileNet deployment ...................... 169
10.5.1.
Add anonymous users to runAs role in FileNet .................................... 169
10.5.2.
Generate SID for anonymous user ........................................................ 172
10.5.3.
Add anonymous user to Download Count Anonymous User Ids property
173

1.

Install WebSphere 8.0.0.5

This step involves setting up a DMGR server, 1 managed node (in this case I installed
everything on 1 system, so I installed a cell).

1.1. Install IBM Install Manager

Extract the IBM Connections V4.5 for Windows Multilingual (CIHC5ML) download and
run
C:\downloads\ic4\IBM_Connections_4.5_win\IBM_Connections_Install_Windows\IM\w
indows\install.exe

1.

2.

3.

4.

5.

1.2. Install WAS Cell

First, make sure you have extracted CZM9KML, CZM9LML CZM9MML and
CZVG4ML into the same directory. I used C:\downloads\ic4\WAS8
As well as 8.0.0-WS-WAS-FP0000005 part1 and part2 into the same directory. I used
C:\downloads\ic4\WAS8005
And PM62615 (C:\downloads\ic4\was8005_ifixes\pm62615)
PM71430 (C:\downloads\ic4\was8005_ifixes\pm71430)
To install we will use the Install Manager we just installed. If it's not running, go to Start
- Programs - IBM Installation Manager - IBM Installation Manager

1. Go to File Preferences .... to add the WebSphere repository to IBM Install Manager

2.

3.

4.

5.

6. Now do the same for the 8.0.0.5 fixpack and 2 ifixes

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

1.3. Create the WebSphere Application Server cell

Now that the install is complete we will create a cell because all services are installed on
a single machine.

18. Start the Profile Management Tool

19.

20.

21.

22.

23.

24.

25.
WebSphere Application Server is now installed on the machine

2.

Enable security with LDAP

In this process we will start WAS and enable security

2.1. Start the DMGR, nodeagent and node1s server1

1. Start the DMGR by running:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
2. Start the nodeagent by running
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startServer.bat nodeagent

2.2. Enable security with an LDAP Directory

1. Open a browser to the dmgr Integrated Solutions Console
(http://cpricesm.swg.usma.ibm.com:9060/ibm/console) Because security is enabled,
you will be redirected to the ssl port to login - if necessary accept the certificate

2. Login with the user created during the WebSphere Application Server install

3. Open Security Global Security

4. Select Federated Repositories from the Available realm definitions field, and then
click Configure.

5. Click Add Base entry to Realm

6. and then, on the Repository reference page, click Add Repository - LDAP repository

7. On the New page, type a repository identifier, such as myFavoriteRepository (I used

belfast IDS into the Repository identifier field.
8. Specify the LDAP directory that you are using in the Directory type field.
9. Type the host name of the primary LDAP directory server in the Primary host name
field. The host name is either an IP address or a domain name service (DNS) name.

10. If your directory does not allow LDAP attributes to be searched anonymously,
provide values for the Bind distinguished name and Bind password fields. For
example, the Domino LDAP directory does not allow anonymous access, so if you
are using a Domino directory, you must specify the user name and password with
administrative level access in these fields.
11. Specify the login attribute or attributes that you want to use for authentication in the
Login properties field. Separate multiple attributes with a semicolon. For example:
uid;mail.
12. Click Apply

13. and then Save

14. Set the base entry fields, and click OK

NOTE: If this was Domino LDAP, set the first entry to root, and leave the second
blank. 'root' is a special setting for WebSphere that tells it not to use a base. This will
allow domino customer to find the user in the primary directory and all secondary

directories, as well as all flat groups.

All other ldap directories, set both entries to the base of your directory. My ldap
directory is IBM Directory Server, so I set the base to dc=ibm,dc=com

15. and then Save

16. In the Repository Identifier column, click the link for the repository or repositories
that you just added.

17. In the Additional Properties area, click the LDAP entity types link.

18. Click the Group entity type and modify the object classes mapping.

19. Set the objectClass to the group objectClass for you directory, and add the search
base for groups, Click Apply,

20. and then click Save to save this setting.

21. You can do the same for PersonAccount, in my ldap, we use inetOrgPerson, so I did
not change anything
22. In the navigation links at the top of the page, click the name of the repository that you
have just modified to return to the Repository page.

23. Complete the following steps for group membership

a. Click the Group attribute definition link in the Additional Properties area,

b. and then click the Member attributes link.

c. Click New to create a group attribute definition.

d. Enter group membership values in the Name of member attribute and Object class
fields. Click Ok

e. and then click Save to save this setting.

24. Enable Application security:

a. Click Global Security in the navigation links at the top of the page.

b. Select the Administrative Security and Application Security check boxes. Make
sure the Java 2 security check box is unchecked

c. Click Apply

d. and then click Save to save this configuration.

25. Log out of the WebSphere Application Server Integrated Solutions Console and
restart WebSphere Application Server
a. Run C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat username localadmin -password password
b. Then C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
26. Verify that users in the LDAP directory have been successfully added to the
repository:
a. From the WebSphere Application Server Integrated Solutions Console, select
Users and Groups > Manage Users.
b. In the Search by field, enter a user name that you know to be in the LDAP
directory and click Search. If the search succeeds the user exists in your ldap
directory.
c. Click on the user, then click the Groups tab, you should see a list of groups the
user belongs to
27. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick
up the changes by running
a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopNode.bat -username
localadmin -password password
b. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat

3.

Install DB2 10.1

In this step we will Install DB2 and the DB2 client.
Make sure you have extracted IBM DB2 Enterprise Server Edition V10.1 for Windows
on AMD64 and EM64T systems (x64) Multilingual (CI6WEML). I extracted it to
C:\downloads\ic4\db2server_101

3.1. Install DB2 10.1 Enterprise Server

1. Run C:\downloads\ic4\db2server_101\ESE\image\setup.exe

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

4.

Create the Connections Databases

4.1. Create the dedicated db2 user
1. Click Start > Control Panel and select Administrative Tools > Computer Management.
2. From the Computer Management console, select System Tools > Local Users and
Groups.
3. Right-click Users and select New User.

4. Add a user named lcuser. Enter the required details, including the password. Clear the
User must change password at next logon check box. Click Create.

5. Click Close.
6. Open the Users object, right-click lcuser, and select Properties from the context menu.

7. Click the Member Of tab and then click the Add button.

8. Type DB2USERS in the Enter the object names to select field, and click Check
Names.

9. This should resolve to the local DB2USERS group, Click OK.

10. Click OK again to save your changes and Close the Computer Management console

4.2. Create Connections databases with wizard

Make sure to extract IBM Connections V4.5 Wizard for Windows Multilingual
(CIHC8ML) to a location on the DB2 Server. I extracted to
C:\downloads\ic4\IBM_Connections_4.5_win\Wizards

1. Run C:\downloads\ic4\IBM_Connections_4.5_win\Wizards\dbWizard.bat

2.

3.

4.

5.

6.

7.

5.

Install and populate Tivoli Directory Integrator 7.1

In this step, we will install TDI 7.1 and apply fp6.

5.1. Install Tivoli Directory Integrator 7.1

Extract IBM Tivoli Directory Integrator Identity Edition V7.1 for Windows x86-64,
Multilingual (CZ9MKML) (I used C:\downloads\ic4\TDI_71_64)

1. Run C:\downloads\ic4\TDI_71_64\launchpad.exe

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

5.2. Install fixpack 6

Download and extract FP6 on the server. (I extracted to C:\downloads\ic4\tdi71fp6)
1. The zip file you download extracts to a folder that contains 2 zip files in it
(LWI8.1.0SecurityFixUpdateSite.zip and TDI-7.1-FP0006.zip) and two other files.
It's this TDI-7.1-FP0006.zip we will point to in the next step.
2. Run C:\IBM\TDI\V7.1\bin\applyUpdates.bat -update
C:\downloads\ic4\tdi71fp6\7.1.0-TIV-TDI-FP0006\TDI-7.1-FP0006.zip

3. After the fix pack is installed, verify the Tivoli Directory Integrator fix pack version
installed on your system by running
C:\IBM\TDI\V7.1\bin\applyUpdates.bat -queryreg
You should get the following results
Information from .registry file in: C:\IBM\TDI\V7.1
Edition: Identity
Level: 7.1.0.6
License: None
Fixes Applied
=-=-=-=-=-=-=
TDI-7.1-FP0006(7.1.0.0)
Components Installed
=-=-=-=-=-=-=-=-=-=
BASE
-TDI-7.1-FP0006
SERVER

-TDI-7.1-FP0006
CE
-TDI-7.1-FP0006
JAVADOCS
EXAMPLES
-TDI-7.1-FP0006
EMBEDDED WEB PLATFORM
AMC
Deferred: false

5.3. Configure TDI

1. Copy the db2jcc.jar and db2jcc_license_cu.jar files from the java subdirectory of the
directory where you installed DB2 (C:\IBM\SQLLIB\java). Paste the files into the
jvm/jre/lib/ext subdirectory of Tivoli Directory Integrator.
(C:\IBM\TDI\V7.1\jvm\jre\lib\ext)
2. Increase the runtime memory for TDI
a. Edit C:\IBM\TDI\V7.1\ ibmdisrv.bat
b. At the bottom of the file look for
"%TDI_JAVA_PROGRAM%" -classpath
"%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES%
com.ibm.di.loader.ServerLauncher %*
change this to
"%TDI_JAVA_PROGRAM%" -Xms256M -Xmx1024M -classpath
"%TDI_HOME_DIR%\IDILoader.jar" %ENV_VARIABLES%
com.ibm.di.loader.ServerLauncher %*

6.

Populate the profiles database using wizard

1. Copy the Wizards directory from the IBM Connections installation media (IBM
Connections V4.5 Wizard for Windows Multilingual (CIHC8ML)) to the system
where Tivoli Directory Integrator is installed.

2. Run C:\downloads\ic4\IBM_Connections_4.5_win\Wizards\populateWizard.bat

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

6.1. Copy tdisol directory to keep profiles and ldap in sync

1. Go to C:\IBM\TDI\V7.1 and create a tdisol directory
2. Copy the TDI directory from
C:\downloads\ic4\IBM_Connections_4.5_win\Wizards\TDIPopulation\win to
C:\IBM\TDI\V7.1\tdisol
3. This directory has the settings from when you populated the profiles database.
Periodically as users are added, removed or updated in ldap you need to run the
sync_all_dns.bat from this directory to keep the profiles database and ldap directory
in sync

7.

Install IBM Connections 4.5

Extract the following downloads
IBM Connections V4.5 for Windows Multilingual (CIHC5ML) - I extracted to
C:\downloads\ic4\IBM_Connections_4.5_win.
IBM FileNet Content Platform Engine V5.2 Windows Multilingual (CIG8XML) I extracted to C:\downloads\ic4\filenet\cpe_52
IBM FileNet Content Platform Engine Client V5.2 Windows English (CIG9FEN)
- I extracted to C:\downloads\ic4\filenet\cpec_52

IBM FileNet Collaboration Services V2.0 Windows Multilingual (CIG7ZML) - I

extracted to C:\downloads\ic4\filenet\collab_20

1. Stop the nodeagent by running:

a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>stopServer.bat nodeagent
-username localadmin -password password
2. Start the DMGR if not running
a. C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
3. Run
C:\downloads\ic4\IBM_Connections_4.5_win\IBM_Connections_Install_Windows\la
unchpad.exe, Click Install IBM Connections 4.5.0, and click Launch the IBM
Connections 4.5.0 install wizard

4.

5.

6.

7. I went ahead and scrolled down and selected IBM Connections Content Manager

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18. I will set up the cognos piece later, so I select Do later here

19.

20.

21.

22. I have a domino server in my environment listening on port 25 for smtp traffic, so I
went ahead and configured notifications to that server.

23.

24.

25.

26.
27. Restart DMGR by running:
a. C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>stopManager.bat -username
localadmin -password password
b. C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin>startManager.bat
28. Start the node agent by running:
a. C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin>startNode.bat
29. At this point the DMGR begins syncing the applications down to the node. You should wait
for this process to complete. It may take 30 minutes to an hour. On my server it took 15
minutes. I typically watch the processes in windows task manager as I start the nodeagent.
You will see a java task use a lot of cpu, once it's drops to 0% cpu for a min or 2, it should be
done. Look in the nodeagent systemout.log log located at
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\nodeagent for the following line:
[4/3/13 19:44:48:011 EDT] 00000039 AppBinaryProc I ADMA7021I: Distribution of
application <connections_app> completed successfully.
You will see the following applications get synced:
ADMA7021I: Distribution of application WebSphereOauth20SP completed successfully.
ADMA7021I: Distribution of application Common completed successfully.
ADMA7021I: Distribution of application Mobile completed successfully.
ADMA7021I: Distribution of application Mobile Administration completed successfully.
ADMA7021I: Distribution of application WidgetContainer completed successfully.
ADMA7021I: Distribution of application Metrics completed successfully.
ADMA7021I: Distribution of application FileNetEngine completed successfully.
ADMA7021I: Distribution of application Search completed successfully.
ADMA7021I: Distribution of application Activities completed successfully.
ADMA7021I: Distribution of application Profiles completed successfully.
ADMA7021I: Distribution of application Moderation completed successfully.
ADMA7021I: Distribution of application Files completed successfully.
ADMA7021I: Distribution of application Communities completed successfully.
ADMA7021I: Distribution of application ibmasyncrsp completed successfully.
ADMA7021I: Distribution of application News completed successfully.
ADMA7021I: Distribution of application FNCS completed successfully.
ADMA7021I: Distribution of application Homepage completed successfully.
ADMA7021I: Distribution of application Forums completed successfully.
ADMA7021I: Distribution of application Wikis completed successfully.

ADMA7021I: Distribution of application Blogs completed successfully.

ADMA7021I: Distribution of application connectionsProxy completed successfully.
ADMA7021I: Distribution of application commsvc completed successfully.
ADMA7021I: Distribution of application Help completed successfully.
ADMA7021I: Distribution of application Dogear completed successfully.

7.1. Set the JVM heap size

1. Open the Integrated Solution Console and login
a. Open a browser to http://cpricesm.swg.usma.ibm.com:9060/ibm/console and
login as localadmin : password

2. Go to Servers > Server Types > WebSphere application servers and click on the
connections cluster server

3. on the right hand side, scroll down to Server Infrastructure, open Java and Process
Management and click on Process definition

4. Click on Java Virtual Machine

5. Make sure the install set

Initial heap size:
Maximum heap size: 2506

6. If you change these, click OK and Save

7. Syncronize the Nodes

a. Go to System administration > Nodes
b. Select the node, and click Full Resynchronize

7.2. Start IBM Connections

1. Start IBM Connections
a. Wait for the node to completely sync
b. In the Integrated Solution Console go to Servers > Server Types > WebSphere
application servers

c. Select the cluster, and click Start

d. Once you get the successfully started message, you are ready to test Connections:

8.

Install and Configure IBM HTTP Server 8.0.0.5

In this step we will Install IBM HTTP Server 8.0
Install the plugin for the HTTP Server
Apply fix pack 5 for IHS as well as the plugin
Configure IHS with the DMGR
Configure SSL on IHS
Configure Connections with IHS

8.1. Install IBM HTTP Server 8.0

Extract the IBM WebSphere Application Server V8.0 Supplements downloads in to a
directory (CZM91ML, CZM94ML, CZM95ML and CZXR9ML). I extracted to
C:\downloads\ic4\WAS8supp
Extract the 8.0.0-WS-WASSupplements-FP0000005-part1 and par2 zip files to a
directory. I extracted to C:\downloads\ic4\WAS8supp_fp5

1. Run IBM Installation Manager by going to Start - All Programs - IBM Installation
Manager - IBM Installation Manager

2.

3.

4. Browse to the location of the WAS 8 Supplements files and supplements fp5 files

5.

6.

7.

8. Make sure to select both IBM HTTP Server v8.0 and Web Server Plug-ins for IBM
WebSphere Application Server v8.0 and change the Install path:

9.

10.

11.

12.

13.

8.2. Register IHS with the Plug-in

1. copy ConfigureIHSPlugin.bat from C:\IBM\WebSphere\Plugins\bin to
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin

2. Run C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\configureIHSPlugin.bat plugin.home c:\IBM\WebSphere\Plugins -plugin.config.xml

c:\IBM\WebSphere\Plugins\config\webserver1\plugin-cfg.xml -ihs.conf
C:\IBM\HTTPServer\conf\httpd.conf -WAS.webserver.name webserver1 operating.system.arch 64

3. Exit out of the command prompt

8.3. Configure WebSphere to use IBM HTTP Server

1. Open a browser to the Integrated Solutions Console and login

(http://cpricesm.swg.usma.ibm.com:9060/ibm/console)

2. Click on Servers Server Types Web servers, click New

3. Enter a server name, I used webserver1

4.

5. Update the Web server install location and Plug-in install location to the directories
used during the install

6.

7.
8. Select the webserver and click Generate Plug-in

9. Copy the location where the plugin was generated

C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\CPRICESMCell01\nod
es\CPRICESMNode01\servers\webserver1\plugin-cfg.xml in our example
10. Open C:\IBM\HTTPServer\conf\httpd.conf in notepad

11. at the bottom of the file find the following line:

LoadModule was_ap22_module
"c:\IBM\WebSphere\Plugins\bin\64bits\mod_was_ap22_http.dll"
WebSpherePluginConfig "c:\IBM\WebSphere\Plugins\config\webserver1\plugincfg.xml"
Replace WebSpherePluginConfig with the location of the file copied in the step
above. Also, in my environment I found that the mod_was_ap22_http.dll did not
exist in the 64bits directory, I had to change that to 32bits for the HTTP Server to
start. I'm not sure if that's normal or not???
LoadModule was_ap22_module
"c:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll"
WebSpherePluginConfig
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\CPRICESMCell0
1\nodes\CPRICESMNode01\servers\webserver1\plugin-cfg.xml"
NOTE: another option here would be to copy the plugin-cfg.xml to
C:\IBM\WebSphere\Plugins\config\webserver1, or to use propagate Plug-in to copy it
over, but I prefer this option so I will not have to copy this file each time I need to
regen the plugin.
12. Save and close httpd.conf
13. Start the IBM HTTP Server 7.0 service

14. At this point you should be able to open a browser to any component that does not
require authentication. Profiles for example,
http://cpricesm.swg.usma.ibm.com/profiles

If you attempted to login or navigate between the products you will be sent back to the
WAS appserver ports. To stay on the HTTP server complete the remaining steps below:

8.4. Configure SSL on IHS

Setting up SSL on the http server is a 5 step process.
Create the SSL key file for IHS
Configure httpd.conf to listen over ssl
Add the plug-in key file certificate to the HTTP server key file
Add the WAS Web Container certificate to the plug-in key file
Add the HTTP Server certificate to WebSphere trust store

8.4.1. Create the SSL key file for IHS

1. Start IBM Key Management Utility by going to Start All Programs IBM HTTP
Server v8.0 Start Key Management Utility

2. Click New

3. Set Key database type to CMS

select a filename and location
NOTE: make sure all folders in the path are already created. I had to create the ssl
folder under IBM\HTTPServer

4. Set password and Stash the password to a file

5. While in Personal Certificates, click New Self-Signed

6. Set the Key Label and Common name to the hostname of the IHS Server, and set
validity period to the length of time you want this certificate to be valid

7. Close the Key Management utility

8.4.2. Configure httpd.conf to listen over ssl

1. Open C:\IBM\HTTPServer\conf\httpd.conf
2. Add the following lines just above the was_ap22_module module
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName cpricesm.swg.usma.ibm.com
#DocumentRoot C:\IBM\HTTPServer\htdocs
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "C:\IBM\HTTPServer\ssl\ihskey.kdb"
SSLStashFile "C:\IBM\HTTPServer\ssl\ihskey.sth"
LoadModule was_ap22_module
"c:\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll"
WebSpherePluginConfig
3. Save and Close httpd.conf

4. Restart the IBM HTTP Server service

5. At this point you will be able to access https://tamconfig40.swg.usma.ibm.com, but

the Connections components will not work until we exchange the certificates in the
next steps.

8.4.3. Add the plug-in key file certificate to the HTTP server key file
1. Start IBM Key Management Utility by going to Start All Programs IBM HTTP
Server v8.0 Start Key Management Utility

2. Click Open

3. Click Browse

4. Browser to the plugin-key.kdb file (C:\IBM\WebSphere\Plugins\config\webserver1 in

our example)

NOTE: If you are unsure of the file being used. Open the plugin-cfg.xml (you can
find this in the following line of C:\IBM\HTTPServer\conf\httpd.conf
WebSpherePluginConfig
"C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\CPRICESMCell01\no
des\CPRICESMNode01\servers\webserver1\plugin-cfg.xml"
Open plugin-cfg.xml and look for the following line:
<Property Name="keyring"
Value="C:\IBM\WebSphere\Plugins/config/webserver1/plugin-key.kdb"/>

Then open the plugin-key.kdb from that location

5. Enter the password, by default the plugin-key.kdbs password is WebAS

6. Under Personal Certificates click Extract Certificate

7. Set Data type to Base64-encoded ASCII data, give it a file name and location

Now we will open the HTTP Server key file and import this key file.

8. In IBM Key Management click Open

9. Set Key database type to CMS and click Browse

10. Browse to the http server key file (C:\IBM\HTTPServer\ssl\ihskey.kdb)

11. Click OK

12. Enter the password you used when you created this file

13. Under Key database content switch to Signer Certificates

14. Click Add

15. Enter the file name and location of the plugin certificate we just exported.

16. Enter a Label, the name is not important, just something to help you remember its
the plugin used on this IHS Server

17. Close ikeyman

8.4.4. Add the WAS Web Container certificate to the plug-in key file
I typically have to do these steps, but in this version I did not have to do this, at the end
when I imported the arm file, I got a message that it already existed. I left the steps here
in case you need them...

Now we need to add the WebSphere Web Container certificate into the plug-in key file.
First we will get the Web Container certificate.
1. Open the WAS Admin console
(https://tamconfig40.swg.usma.ibm.com:9043/ibm/console/logon.jsp) and login

2. Open Secruity SSL certificate and key management

Under Related Items, select Key stores and certificates

3. Click on CellDefaultKeyStore

4. Click on Personal certificates

5. Select the default keystore and click Extract

6. Set a path and filename and set the Data type to Base64-encoded ASCII data

7. Close the Integrated Solutions Console

Now we will import this certificate into the plugin ssl key file

8. Start IBM Key Management Utility by going to Start All Programs IBM HTTP
Server v8.0 Start Key Management Utility

9. Click Open

10. Click Browse

11. Browser to the plugin-key.kdb file (C:\IBM\WebSphere\Plugins\config\webserver1 in

our example)

NOTE: If you are unsure of the file being used. Open the plugin-cfg.xml (you can
find this in the following line of C:\IBM\HTTPServer\conf\httpd.conf
WebSpherePluginConfig
"C:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells\CPRICESMCell01\no
des\CPRICESMNode01\servers\webserver1\plugin-cfg.xml"
Open plugin-cfg.xml and look for the following line:
<Property Name="keyring"
Value="C:\IBM\HTTPServer\Plugins/config/webserver1/plugin-key.kdb"/>
Then open the plugin-key.kdb from that location
12. Enter the password, by default the plugin-key.kdbs password is WebAS

13. Under Key database content Select Signer Certificates

14. Click Add..

15. Click Browse

16. Browse to C:\IBM\HTTPServer\ssl\was.arm and click Open

17. Provide a label and click OK

If you get this error message

Then you didn't need to do this step either, either way, close iKeyMan and go to the next
stesps:

18. Close iKeyMan

8.4.5. Add the HTTP Server certificate to WebSphere trust store

1. Restart the IBM HTTP Server

2. Open the WAS Admin console

(https://tamconfig40.swg.usma.ibm.com:9043/ibm/console/logon.jsp) and login

3. Open Secruity SSL certificate and key management

Under Related Items, select Key stores and certificates

4. Click on CellDefaultTrustStore

5. Click on Signer Certificates

6. Click on Retrieve from port

7. Enter a host, port and alias of the HTTP Server and click Retrieve signer information

8. Click OK

9. Click Save

10. Close the Integrated Solutions Console

8.5. Configure Connections to work with HTTP Server

We will use wsadmin to checkout LotusConnections-config.xml and configure the
Connections components to the HTTP Server instead of the WAS internal ports.
1. From C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin run
wsadmin -lang jython -user localadmin -password password -port 8879
The default value of the SOAP port is 8879. If you are using the default port value,
you do not need to specify this parameter. If you are not using the default and you do
not know the port number, you can look up its value in the WebSphere Application
Server Integrated Solution Console. To look up the SOAP port number, do one of the
following:
a. Open the WebSphere Application Server Integrated Solution Console for the
deployment manager, and then select System Administration -> Deployment
Manager.
b. In the Additional properties section expand Ports, and then look for the
SOAP_CONNECTOR_ADDRESS port entry to find the port number.

2. at the wsadmin> command line run

execfile("connectionsConfig.py")
3. Check out the LotusConnections-config.xml with the following command:
LCConfigService.checkOutConfig("c:/temp","CPRICESMCell01")
Where CPRICESMCell01is the cell for your environment. If you are unsure of your
cell name, use the following command in wsadmin> to get it
print AdminControl.getCell()

4. Open C:\temp\LotusConnections-config.xml in a text editor

5. Each component has an entry similar to the following
<sloc:serviceReference acf_config_file="acf-config.xml"
bootstrapHost="cpricesm.swg.usma.ibm.com" bootstrapPort="2811"
clusterName="lccluster" enabled="true"
person_card_service_name_js_eval="generalrs.label_personcard_activitieslink"
person_card_service_url_pattern="/service/html/mainpage#dashboard%2Cmyactiviti
es%2Cuserid%3D{userid}%2Cname%3D{displayName}" serviceName="activities"
ssl_enabled="true">
<sloc:href>
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://cpricesm.swg.usma.ibm.com:9081"
ssl_href="https://cpricesm.swg.usma.ibm.com:9444"/>
<sloc:interService href="https://cpricesm.swg.usma.ibm.com:9444"/>
</sloc:href>
</sloc:serviceReference>
update the href, ssl_href and interService href to point to your http server and not the
WAS web container ports
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://cpricesm.swg.usma.ibm.com"
ssl_href="https://cpricesm.swg.usma.ibm.com"/>
<sloc:interService href="https://cpricesm.swg.usma.ibm.com"/>
</sloc:href>
</sloc:serviceReference>
6. Save and close LotusConnections-config.xml

7. Check in the LotusConnections-config.xml by running the following command from

the wsadmin> prompt
LCConfigService.checkInConfig("c:/temp","CPRICESMCell01")
8. Run wsadmin>synchAllNodes() to push the updated LotusConnections-config.xml to
the node
9. exit wsadmin
10. restart the node by running
c:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\stopserver.bat
lccluster_server1 -username localadmin -password password
c:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startserver.bat
lccluster_server1
11. Open a browser to http://cpricesm.swg.usma.ibm.com/homepage
12. Login and navigate through the components to ensure you remain on the http server.

8.6. Configure HTTP Server to compress some files

1. Open httpd.conf (c:\IBM\HTTPServer\conf)
2. Find the following entries in the configuration file:
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
and uncomment them
3. Add the following after all the LoadModule's
#Only the specified MIME types will be compressed.
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/atomcat+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/octet-stream
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/xml

AddOutputFilterByType DEFLATE text/xsl
4. Add the following statement to specifically indicate that image files and binaries must
not be compressed to prevent web browser hangs:
# Ensures that images and executable binaries are not compressed
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png|exe)$ no-gzip dont-vary
5. Add the following statement to ensure that proxy servers do not modify the User
Agent header needed by the previous statements:
# Ensure that proxies do not deliver the wrong content
Header append Vary User-Agent env=!dont-vary

8.7. Configure Files and Wikis to download files

This is an optional step, but recommended in the infocenter. See the following section
for details. http://www10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+doc
umentation#action=openDocument&res_title=Configuring_file_downloads_through_the
_HTTP_Server_ic45&content=pdcontent

9.

Configure an administrator user for homepage

http://www10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+doc
umentation#action=openDocument&res_title=Configuring_the_Home_page_administrat
or_ic45&content=pdcontent

10. Configure IBM Connections Content Manager Libraries

10.1. Update the transaction time

1. Open the WebSphere Integrated Solutions Console and login

2. Go to Servers - Server Types - WebSphere application servers, and click on the

connections cluster (lccluster_server1)

3. Under Container Settings, open Container Services and click Transaction service

4. Click the Configuration tab, and set the Maximum transaction timeout parameter
value to at least 600. Mine was set to 0 (unlimited) so I left this alone
5. Restart IBM Connections server

10.2. Create Filenet domain, GCD, Object Store and AddOns

1. If not running, start IBM Connections by running:
C:\IBM\WebSphere\AppServer\profiles\Dmgr01\bin\startManager.bat
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startnode.bat
C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startserver.bat lccluster_server1
2. Run C:\IBM\Connections\addons\ccm\ccmDomainTool\createGCD.bat

3.

4.

5.
6. Change directory back to C:\IBM\Connections\addons\ccm\ccmDomainTool
7. Run C:\IBM\Connections\addons\ccm\ccmDomainTool\createObjectStore.bat

8.

9.

10.3. Generate the SID value

1. Run C:\IBM\Connections\addons\ccm\ccmDomainTool\generateSID.bat

2.

3.

4.
5. Copy SID : value, you will need it the next step

10.4. Configure Filenet to be Activity Stream producer

1. Open the Administration Console for Content Platform Engine (ACCE) and login
(http://cpricesm.swg.usma.ibm.com/acce)

2. Open Object Stores, right click on IC ObjectStore and click Open

3. Click Search

4. Select Collaboration Configuration from the Select from table: menu

5. From the Select Columns list select the asterisk (*). Use the move button to place "*"
into the Selected pane

6. Scroll down and click Search

7. Click OK on the Message window that displays.

8. A single row is returned, Click the link in the ID column to open it for viewing and
editing:

9. In the results view tab, click the Properties inner tab.

10. Scroll down to set the following configuration properties:

Property
Activity Stream Retrieval
URL
Activity Stream HTTP
Endpoint URL
Activity Stream Gadget
URL
Config 1
Config 2

Property Value
{ecm_files}
https://cpricesm.swg.usma.ibm.com

{connections}/resources/web/com.ibm.social.ee/Connection
sEE.xml
password
localadmin
NOTE: login name of a Connections user and will be
encrypted after input. This user must be in the
trustedExternalApplication role on the Widget Container
application in IBM Connections. By default, the
Connections administrator has these privileges and may be
used here.
Activity Stream Extended a. Click the small triangle associated with the Property
Settings
Value for this entry and select Display or Edit Value.

b. Sequentially enter the following five entries by placing

each of the strings in the Enter a string value field and
clicking Add for each entry. When finished, click OK.
activityStreamRetrievalURL={0}/atom/library/{1}%3B{
2}/{3}/{4}/entry
activityStreamAnonymousRetrievalURL={0}/atom/anon
ymous/library/{1}%3B{2}/{3}/{4}/entry
activityStreamOauthRetrievalURL={0}/atom/oauth/libra
ry/{1}%3B{2}/{3}/{4}/entry

 activityStreamFileLinkURL={0}/atom/library/{1}/docu
ment/{2}/media/{3}
activityStreamNullifyActionableURL={0}/connections/o
pensocial/basic/rest/activitystreams/@me/@all/@all/{1}

Download Count Ignored

User Ids
S-1-98-842282596-1664299620-945971501-942943587959276088-758724451-909193571-8287933991647326258-67108864
NOTE: This is the SID value from the task ran in the
previous step

Download Count
Anonymous User Ids

Activity Stream Ignored

Users Ids

I left this blank.

NOTE: This is a multi value field that holds the SIDs of
users whose content downloads will be counted as
anonymous.
I left this blank.
NOTE: This is a multi value field that holds the SIDs of
users whose activities will not be added to the feed.

11. Click Save

12. Click Close

13. Close out of the ACCE console

10.5. Setting up anonymous access for a new FileNet

deployment
IBM FileNet Collaboration Services implements anonymous access with a designated
user that is used only for this purpose. The user should be a system-type user that is not
used by a real person. The user ID does not need, and should not have, any particular
privileges on the object store beyond what is given by the installation guide. This user's
access control records will determine what level of access is given to anonymous users.
Consequently, choose a functional ID that is reserved for this purpose and that does not
have special access.
Configuring an anonymous user is required if users will be accessing Connections
communities anonymously. In some cases, such as when desktop single-sign is enabled,
or when roles in the communities application have been restricted to limit access to
authenticated users, setting up anonymous access for FileNet is optional. Refer to Roles
for information on restricting access to anonymous users in communities.
The display name of the user used in this role might appear in some supplemental user
interfaces, so a user account or functional ID should be chosen with a suitable display
name matching the purpose of this account, for instance, Anonymous User. Do not
choose the administrative account ID. Follow these steps to configure anonymous access
NOTE: For this user I created a user in the WebSphere local repository called
anonymous_localuser. I could have created or used someone in ldap, and in the future
that's what I'll likely do, but for a few reasons I chose to create the user in the local
websphere repository.

10.5.1.

Add anonymous users to runAs role in FileNet

1. Open a browser to the WebSphere Integrated Solutions Console and login

2. Click Applications -> Application Types -> WebSphere enterprise applications, and
click on FNCS

3. Click User RunAs roles,

4. Select the Anonymous role and enter the username and password of the user
designated for the anonymous access role (anonymous_localuser : password). Click
Apply

5. Then click OK.

6. And Click Save

10.5.2.

Generate SID for anonymous user

1. Run C:\IBM\Connections\addons\ccm\ccmDomainTool\generateSID.bat

2.

3. Enter the anonymous user (anonymous_localuser)

4.
5. Copy SID : value, you will need it the next step

10.5.3. Add anonymous user to Download Count Anonymous

User Ids property

1. Open a browser to the Administration Console for Content Platform Engine

(ACCE) and login (http://cpricesm.swg.usma.ibm.com/acce)

2. Expand the Object Stores node on the side navigation tree. Right-click on
ICObjectStore and click Open.

3. Select Search, select Collaboration Configuration in the Select From table:

dropdown menu,

4. From the Select Columns list, select the asterisk (*). Use the move button to place
(*) into the Selected pane

5. Scroll down and click Search.

6. Clicking OK for any popup warnings.

7. A single result object displays, click the object

8. and then click Properties tab

9. On the Properties tab, Scroll down and look for the Property Value Download
Count Anonymous User Ids, Click on the down arrow button.

10. Select Display or Edit value

11. add the SID value of the user created in the previous step (S-1-98-878917172845242677-845230893-892611889-1630364212-758460720-845309489-

842609976-842217827-67108864). and Click Add

12. Click OK.

13. Close ACCE

14.
15.