Fernando Karnagi’s Weblog

Use Authorized Signed SSL Certificate to IBM HTTP Server

Posted in Uncategorized by fernandokarnagi on September 8, 2008

To enable HTTPS access to front-end Web Server nodes running IBM HTTP Server 6.0, SSL certificates should be created, IHS configured to use the SSL certificates, and WAS configured for HTTPS traffic.

These steps are useful if you want to use the self-signed SSL Certificate on IBM HTTP Server

  1. Go to the Web Server machine on which SSL is to be set up. Start the Key Management Utility from Windows Start button->IBM HTTP Server 6.0->Start Key Management Utility.
  2. From the menu bar of the Key Management Utility, go to Key Database File->New to create a new key database.
  3. Choose “Key database type” of “CMS”. Define a file name and location for the new key database.
  4. When prompted, define a password for the key database. Check “Set expiration time?” and set “999” for “Days”. Check “Stash the password to a file?”. A password stash file will be created at the same location with the same name as the key database but having the extension “.sth”.
  5. Once the key database has been created, from the menu bar of the Key Management Utility, go to Create->New Certificate Request to create a new certificate request. Choose a “Key Size” of “1024”. For “Key Label” and “Common Name”, use the FQDN by which the IHS on this Web Server node is accessed. Fill in other details as appropriate.
  6. Define, and take note of, the file in which the certificate request will be stored.
  7. Ensure the personal certificate request was properly created. Send the certificate request file to a certificate authority to generate a certificate suitable for use with web servers
  8. Signer certificates of certificate authorities may need to be added to the key database before a personal certificate signed by these certificate authorities can be added.
  9. The signer certificates for the entire certification chain of the certification authority that will issue your personal certificate should be obtained.
  10. In the Key Management Utility with the key database opened, choose “Signer Certificates” from the drop-down list in the Key database content area. Click on the “Add” button.
  11. Specify the signer certificate file and press “Ok”.
  12. Define a label for the signer certificate.
  13. Repeat the process for each certificate authority in the certification chain.
  14. Once the signer certificates have been added and the web server personal certificate has been issued by the certificate authority, the web server personal certificate is ready to be received into the key database.
  15. In the Key Management Utility with the key database opened, choose “Personal Certificates” from the drop-down list in the Key database content area. Click on the “Receive” button.
  16. Specify the issued personal certificate file and press “Ok”.
  17. Ensure the issued personal certificate was successfully received into the key database. The signer certificate additions and the personal certificate request/receive processes should be done on each front-end Web Server machine intended for HTTPS.
  18. Once the SSL certificate has been created for a Web Server, IBM HTTP Server 6.0 should be configured to use HTTPS.
  19. On the Web Server machine, use a text editor to open the IHS configuration file at “<IHS_root>\conf\httpd.conf”.
  20. Add the lines as shown below:
  21. Restart the HTTP Server
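
A check that can be run after steps 19 to 21, written as an added example (it is not from the original post, whose httpd.conf lines are absent from this page): it parses an IHS configuration and reports a missing SSL module, an SSL virtual host without a matching Listen, and a KeyFile whose key database or “.sth” stash file (step 4) is not present. The sample configuration, the paths and the function name `check_ihs_ssl` are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample config (not the post's own lines, which are absent from the page).
SAMPLE_CONF = r'''
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
    SSLEnable
</VirtualHost>
SSLDisable
KeyFile "C:\IHS\ssl\www.example.com.kdb"
'''

def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return str(PureWindowsPath(path)).lower()

def check_ihs_ssl(conf_text, files_on_disk):
    """Return a list of problems; files_on_disk is passed in so nothing touches the disk."""
    present = {norm(p) for p in files_on_disk}
    problems, listen_ports, ssl_ports, keyfiles = [], set(), set(), []
    module_loaded, vhost_port = False, None
    for line in (ln.strip() for ln in conf_text.splitlines()):
        low = line.lower()  # directive names are case-insensitive; '#' comments match nothing
        if m := re.match(r"<virtualhost\s+\S*?:(\d+)\s*>", low):
            vhost_port = m.group(1)
        elif low.startswith("</virtualhost"):
            vhost_port = None
        elif low.startswith("loadmodule") and "ibm_ssl_module" in low:
            module_loaded = True
        elif m := re.match(r"listen\s+(?:\S+:)?(\d+)", low):
            listen_ports.add(m.group(1))
        elif low == "sslenable" and vhost_port:
            ssl_ports.add(vhost_port)
        elif m := re.match(r'keyfile\s+"?([^"]+?)"?\s*$', line, re.I):
            keyfiles.append(m.group(1))
    if not module_loaded:
        problems.append("ibm_ssl_module is not loaded")
    if not ssl_ports:
        problems.append("no port-specific <VirtualHost> contains SSLEnable")
    problems += [f"no Listen for SSL port {p}" for p in sorted(ssl_ports - listen_ports)]
    if not keyfiles:
        problems.append("no KeyFile directive")
    for kdb in keyfiles:
        # The stash file sits beside the key database with the extension .sth (step 4).
        stash = PureWindowsPath(kdb).with_suffix(".sth")
        problems += [f"missing file: {f}" for f in (kdb, stash) if norm(f) not in present]
    return problems
```

An empty list means the configuration and the key database files are consistent; on a real server, pass the actual directory listing of the key database folder as `files_on_disk`.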
