Thursday, 9 October 2014

Configuring IBM HTTP server for SSL or enabling HTTPS access for IBM HTTP Server



Steps to configure the IBM HTTP Server for SSL
  1. Extract the Personal Certificate for the WebSphere Application Server node.
    1. Open the Integrated Solutions Console of the WebSphere Application Server and click Security > SSL certificate and key management.
    2. Click Key stores and certificates, and then click NodeDefaultKeyStore.
    3. Click Personal certificates, and then select the check box beside the default certificate.
    4. Click Extract and then type a fully-qualified name (on the WebSphere Application Server's file system) in the Certificate file name field.
    5. Click OK to extract the file.
  2. Import the Signer Certificate key.
    1. Open the Integrated Solutions Console of the WebSphere Application Server and click Servers > Web servers.
    2. Select the check box for the default web server, and then click Plug-in properties.
    3. Click Manage keys and certificates, and then click Signer certificates.
    4. Click Add, and then type the fully-qualified file name of the personal certificate that you extracted in step 1. Type an identifier for the certificate in the Alias field and click OK.
    5. Click OK to import the file.
  3. Open the Integrated Solutions Console of the WebSphere Application Server hosting the Web server you defined for either the profile in a stand-alone deployment or the node in a network deployment. Expand Servers, and then click Web servers.
  4. Click the Web server you defined for the profile or node from the list of Web servers, and then click Configuration File.
  5. Add the following text to the end of the existing configuration file content:
LoadModule  ibm_ssl_module   modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost  *:443>
ServerName  <server_name>
#DocumentRoot C:\IBM\HTTPServer\htdocs
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "<path_to_key_file>"
SSLStashFile "<path_to_stash_file>"
where <server_name> is the name of the server, <path_to_key_file> represents the file path to the KDB file, and <path_to_stash_file> represents the file path to the associated stash file. For example, the paths may look like this:
    • AIX:
        Keyfile "/usr/IBM/HTTPServer/bin/http.kdb"
        SSLStashFile "/usr/IBM/HTTPServer/bin/http.sth"
    • Linux:
        Keyfile "/opt/IBM/HTTPServer/bin/http.kdb"
        SSLStashFile "/opt/IBM/HTTPServer/bin/http.sth"
    • Microsoft Windows:
        Keyfile "C:\IBM\HTTPServer\bin\http.kdb"
        SSLStashFile "C:\IBM\HTTPServer\bin\http.sth"
  6. Click Apply to save your changes, and then click OK to close the Configuration File console panel.
  7. Restart the IBM HTTP Server to apply the changes.
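
Before restarting, the edited configuration file can be checked for the mistakes this procedure most often leaves behind: unfilled placeholders, SSLEnable or SSLDisable in the wrong scope, and a missing listener on 443. The following is an added example, not part of the original post or of IBM's tooling; the function name `check_ihs_ssl` and the sample host name are made up for illustration, and the file-permission check is an extra hardening step that assumes POSIX mode bits (the stash file lets the server open the key database without a password prompt, so both files should be readable only by the server's account).

```python
import os
import re

# Constructed sample: the step 5 fragment with one placeholder left unfilled.
SAMPLE_CONF = """\
LoadModule  ibm_ssl_module   modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost  *:443>
ServerName  www.example.test
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "<path_to_key_file>"
SSLStashFile "/opt/IBM/HTTPServer/bin/http.sth"
"""

def check_ihs_ssl(conf_text):
    """Return findings for an IHS SSL fragment (directive names are case-insensitive)."""
    seen, in_vhost, findings = {}, False, []
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if re.match(r"<VirtualHost\b", line, re.I):
            in_vhost = True
        elif re.match(r"</VirtualHost>", line, re.I):
            in_vhost = False
        elif line and line[0] not in "#<":
            name, value = (line.split(None, 1) + [""])[:2]
            seen.setdefault(name.lower(), []).append((in_vhost, value.strip().strip('"')))
    if not any(scope for scope, _ in seen.get("sslenable", [])):
        findings.append("SSLEnable is not set inside a <VirtualHost>")
    if not any(not scope for scope, _ in seen.get("ssldisable", [])):
        findings.append("SSLDisable is not set at global scope")
    if not any(re.search(r"(^|:)443$", v) for _, v in seen.get("listen", [])):
        findings.append("no Listen directive for port 443")
    for name in ("servername", "keyfile", "sslstashfile"):
        values = [v for _, v in seen.get(name, [])]
        if not values:
            findings.append(f"{name} is not set")
        for value in values:
            if value.startswith("<"):
                findings.append(f"{name} still holds the placeholder {value}")
            elif name != "servername" and os.path.isfile(value):
                # Added hardening check (not from the page): POSIX mode bits only.
                if os.stat(value).st_mode & 0o077:
                    findings.append(f"{name} {value} is accessible to group/other")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ihs_ssl(SAMPLE_CONF)) or "no findings")
```

To check a real server, pass the contents of its configuration file to `check_ihs_ssl` instead of the sample.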



    Note: This configuration was set up for IBM HTTP Server with WebSphere, with Lotus Notes running on WebSphere, but it should work for other setups as well.
