Configuring SSL on the IBM HTTP Server
For production environments, we recommend you request a CA-signed certificate from a Certificate Authority. For instructions to request a CA-Signed Personal Certificate, refer to the IBM Info Center. The procedure in this section assumes you have already obtained the CA-Signed Personal Certificate.
To configure SSL on the IBM HTTP Server:
Start the Key Management Utility by navigating the following path:
Start > Programs > IBM HTTP Server V 6.1 > Start Key Management Utility
Create a folder named keys in the HTTP Server directory.
Start the ikeyMan utility, which is located in your HTTP Server's bin directory. For Windows platforms, this path is typically:
C:/WebSphere/IBM HTTP Server/bin
In the ikeyMan utility, create a Key Database File by selecting:
Key Database File > New
At the prompt, complete these fields:
Field: Values
Key Database Type: CMS (Note that only CMS is supported with the IBM HTTP Server.)
File Name: serverkey.kdb
Location: C:\WebSphere\IBM HTTP Server\keys
Enter the password (for example, serverkey) and select this option:
stash the password file
Click the OK button.
From the drop down box, select this option:
Personal Certificates
Click the New Self-Signed button.
On the next screen complete these fields:
Field: Values
Key Label: Enter any label. For example: server_cert
Version: X509V3
Key Size: 1024
Common Name: Enter a fully qualified server name. For example: denicdep5.mlab.jdedwards.com
Organization: Enter your organization name. For example: Oracle
Country or region: Enter your country or region. For example: US
Validity Period: Enter the validity for your certificate. For example: 365 days
Click the OK button.
The program displays your certificate in the list.
Delete all other certificates that might exist.
Open the httpd.conf file in a text editor, and add the following virtual host definition.
Note: The text in the httpd.conf file is case sensitive; type the host definition exactly as shown.
If you have already configured a port on the HTTP Server (for example, port 85), the file will include an Alias. You should use the same alias under your Virtual Host definition, as shown by the bold segment in the file sample below.
For WebSphere 8.5.x make the changes below:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
  Listen 443
  <VirtualHost denicdep5.mlab.jdedwards.com:443>
    Alias /jde "C:/WebSphere/AppServer/installedApps/denicdep5Node01/EA_JS_85.ear/webclient.war"
    SSLEnable
  </VirtualHost>
</IfModule>
SSLDisable
KeyFile "C:/WebSphere/IBMIHS/keys/serverkey.kdb"
For WebSphere 9.0 make the changes below (Release 9.2.1):
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
  # IPv6 support:
  Listen 13445
  <VirtualHost *:13445>
    Alias /jde "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war"
    SSLEnable
  </VirtualHost>
  # Block direct access to the application's WEB-INF directory
  <Directory "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war\WEB-INF">
    Require all denied
  </Directory>
  <Directory "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war">
    Require all granted
  </Directory>
</IfModule>
SSLDisable
KeyFile C:\HTTPServer3\keys\serverkey.kdb
For BSSV, the following Virtual Host definition should be used.
For WebSphere 8.5.x make the changes below:
<IfModule mod_ibm_ssl.c>
  Listen 0.0.0.0:443
  ## IPv6 support:
  <VirtualHost *:443>
    Alias /PD812_WEB "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war"
    SSLEnable
  </VirtualHost>
  # Block direct access to the application's WEB-INF directory
  <Directory "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war\WEB-INF">
    Order Deny,Allow
    Deny from All
  </Directory>
  <Directory "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war">
    Order Deny,Allow
    Allow from All
  </Directory>
</IfModule>
KeyFile C:\WebSphere61\IHS2\keys\serverkey.kdb
SSLDisable
# End of example SSL configuration
For WebSphere 9.0 make the changes below (Release 9.2.1):
<IfModule mod_ibm_ssl.c>
  Listen 0.0.0.0:443
  ## IPv6 support:
  <VirtualHost *:13445>
    Alias /PD812_WEB "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war"
    SSLEnable
  </VirtualHost>
  # Block direct access to the application's WEB-INF directory
  <Directory "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war\WEB-INF">
    Require all denied
  </Directory>
  <Directory "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war">
    Require all granted
  </Directory>
</IfModule>
KeyFile C:\HTTPServer3\keys\serverkey.kdb
SSLDisable
# End of example SSL configuration
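Because the virtual host definition is typed by hand, it is worth checking the edited fragment before restarting the server. The following is an added example, not part of the original procedure or of any IBM or Oracle tool: a small Python check (the function name lint_ssl_conf and the sample fragment are constructed for illustration) that assumes the layout used on this page, namely SSLEnable inside a VirtualHost whose port has a matching Listen, a KeyFile directive, and a global SSLDisable.

```python
import re

# Constructed fragment in the page's layout; the KeyFile path is a placeholder.
SAMPLE = '''<IfModule mod_ibm_ssl.c>
Listen 443
<VirtualHost *:443>
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
KeyFile "C:/example/keys/serverkey.kdb"
'''

def lint_ssl_conf(text):
    """Return a list of problems found in an IHS SSL configuration fragment."""
    problems, stack, listen, ssl_vhosts = [], [], set(), []
    has_keyfile = global_disable = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag and tag.group(1):            # closing tag must match the open one
            if stack and stack[-1][0] == tag.group(2).lower():
                stack.pop()
            else:
                problems.append(f"line {n}: unmatched </{tag.group(2)}>")
        elif tag:                           # opening tag: keep name, argument, line
            stack.append((tag.group(2).lower(), tag.group(3).strip(), n))
        else:
            name, *args = line.lower().split()
            vhost = next((s for s in reversed(stack) if s[0] == "virtualhost"), None)
            if name == "listen" and args:
                listen.add(args[0].rsplit(":", 1)[-1])
            elif name == "keyfile":
                has_keyfile = True
            elif name == "ssldisable" and vhost is None:
                global_disable = True
            elif name == "sslenable" and vhost is not None:
                ssl_vhosts.append((vhost[1].rsplit(":", 1)[-1], vhost[2]))
    problems += [f"line {n}: <{t}> is never closed" for t, _, n in stack]
    problems += [f"line {n}: SSL VirtualHost port {p} has no matching Listen"
                 for p, n in ssl_vhosts if p.isdigit() and p not in listen]
    for missing, msg in ((not ssl_vhosts, "no VirtualHost contains SSLEnable"),
                         (not has_keyfile, "no KeyFile directive"),
                         (not global_disable, "no global SSLDisable")):
        if missing:
            problems.append(msg)
    return problems
```

Call lint_ssl_conf with the text of the edited section; an empty list means none of these checks failed.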