Get started quickly with secure connections: IBM HTTP Server

Obtaining certificates

When you set up secure connections, associate your public key with a digitally signed certificate from a certificate authority (CA) that is designated as a trusted CA on your server.

There are two ways to obtain a certificate:

  • Buy a certificate from an external CA provider
  • Create a self-signed certificate

Buying a certificate from an external CA provider

You can buy a signed certificate by submitting a certificate request to a CA provider. The IBM HTTP Server supports several external certificate authorities. By default, many CAs are designated as trusted CAs on IBM HTTP Server.

Use IKEYMAN to create a new key pair and certificate request to send to an external CA. Then define SSL settings in the Security folder in the Administration Server.

Creating a self-signed certificate

To create a self-signed certificate, you can use your key management utility (IKEYMAN), or you can purchase certificate authority software from a CA provider.

Setting up SSL using the IBM Administration Server

  1. Set up the security module.
    • Select Basic Settings
    • Select Module Sequence (Scope: Global)
    • Select Add
    • Select "Select a module to add" and open the drop-down list. Go to the bottom of the list and select ibm_ssl from the list. The Module DLL is placed to the right.
    • Select the Apply button
    • Select the Close button
    • Select the Submit button

  2. Set up secure host IP and additional port for secure server.
    • Select Basic Settings
    • Select Advanced Properties (Scope: Global)
    • Select the Add button for the "Specify additional ports and IP addresses" field; leave the IP address field empty and enter 443 in the Port field.
    • Select the Apply button
    • Select the Close button
    • Select the Submit button

  3. Set up virtual host structure for secure server.
    • Select Configuration Structure
    • Select Create Scope (Scope: Global)
    • Select VirtualHost in the "Select a valid scope to insert within the scope selected in the right panel" field
    • Enter the virtual host IP address, or fully qualified domain name
    • Enter the virtual host port (443)
    • Enter the server name
    • Leave alternate name(s) for host blank
    • Select the Submit button

  4. Set up virtual host document root for secure server.
    • Select Basic Settings
    • Select Core Settings (Scope: <Virtual host you are working with>)
    • Enter the server name as a fully qualified domain name
    • Enter the document root directory name
    • Select the Submit button

  5. Set keyfile and SSL timeout values for secure server.
    • Select Security
    • Select Server Security (Scope: Global and Virtual Host)
    • For Enable SSL, select the No radio button. (Disables SSL for Global scope)
    • Enter the path and keyfile filename.
    • Enter a Timeout value for SSL Version 2 session IDs. (100 secs)
    • Enter a Timeout value for SSL Version 3 session IDs. (1000 secs)
    • Select the Submit button

  6. Enable SSL and select mode of Client Authorization.
    • Select Security
    • Select Host Authorization (Scope: Virtual Host <Host IP addr:443>)
    • For Enable SSL, select the Yes radio button. (Enables SSL for Virtual Secure Host)
    • For Mode of client authorization to be used, select the none radio button.
    • Select the Submit button

  7. Restart the Server

To start a second secure virtual host
  1. Set up virtual host structure for secure server.
    • Select Configuration Structure
    • Select Create Scope (Scope: Global)
    • Select VirtualHost in the "Select a valid scope to insert within the scope selected in the right panel" field
    • Enter the virtual host IP address, or fully qualified domain name
    • Enter the virtual host port (443)
    • Enter the server name - leave Alternate name(s) for host blank
    • Select the Submit button

  2. Enable SSL and select mode of Client Authorization.
    • Select Security
    • Select Host Authorization (Scope: Virtual Host <Host IP addr:443>)
    • For Enable SSL, select the Yes radio button. (Enables SSL for Virtual Secure Host)
    • For Mode of client authorization to be used, select the none radio button.
    • Select the Submit button

  3. Set up virtual host document root for secure server.
    • Select Basic Settings
    • Select Core Settings (Scope: <Virtual Host you are working with>)
    • Enter the server name as a fully qualified domain name
    • Enter the document root directory name
    • Select the Submit button
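
After either procedure above, the resulting httpd.conf can be checked for the end state the steps describe. The script below is an added example, not IBM's code or part of the original page: the directive names it looks for (Listen, SSLDisable, SSLEnable, Keyfile, DocumentRoot) are assumed to be what the Administration Server writes, and the host name and paths in the sample are constructed.

```python
import re

# Constructed sample: directive names are assumed (the page names only GUI fields); host and paths are made up.
SAMPLE_CONF = """\
Listen 443
SSLDisable
Keyfile "/opt/ihs/ssl/keyfile.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000
<VirtualHost www.example.com:443>
DocumentRoot "/opt/ihs/htdocs/secure"
SSLEnable
SSLClientAuth none
</VirtualHost>
"""

def parse_scopes(conf):
    """Map each scope ('global' or a VirtualHost address) to {directive: [arguments]}."""
    scopes, current = {"global": {}}, "global"
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            scopes.setdefault(current, {})
        elif line.lower().startswith("</virtualhost"):
            current = "global"
        elif line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            scopes[current].setdefault(name.lower(), []).append(arg.strip().strip('"'))
    return scopes

def audit(conf):
    """Return findings; an empty list means the procedure's end state is present."""
    scopes = parse_scopes(conf)
    glob, findings = scopes.pop("global"), []
    if not any(a.split(":")[-1] == "443" for a in glob.get("listen", [])):
        findings.append("no Listen directive for port 443 (step 2)")
    if "ssldisable" not in glob or "sslenable" in glob:
        findings.append("SSL is not disabled at global scope (step 5)")
    secure = {h: d for h, d in scopes.items() if h.endswith(":443")}
    if not secure:
        findings.append("no VirtualHost on port 443 (step 3)")
    for host, d in secure.items():
        for key, step in (("documentroot", 4), ("sslenable", 6)):
            if key not in d:
                findings.append(f"{host}: {key} missing (step {step})")
        if "keyfile" not in d and "keyfile" not in glob:
            findings.append(f"{host}: no Keyfile in scope (step 5)")
    return findings
```

Run audit() on the text of the real configuration file; every secure virtual host on port 443, including a second one, is checked in the same pass.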