Configuring SSL on the IBM HTTP Server

For production environments, we recommend you request a CA-Signed Personal Certificate from a Certificate Authority. For instructions to request a CA-Signed Personal Certificate, refer to the IBM Info Center. The procedure in this section assumes you have already obtained the CA-Signed Personal Certificate.

To configure SSL on the IBM HTTP Server:

  1. Start the Key Management Utility by navigating the following path:

    Start > Programs > IBM HTTP Server V 6.1 > Start Key Management Utility

  2. Create a folder named keys in the HTTP Server directory.

  3. Start the ikeyMan utility, which is located in your HTTP Server's bin directory. For Windows platforms, this path is typically:

    C:/WebSphere/IBM HTTP Server/bin

  4. In the ikeyMan utility, create a Key Database File by selecting:

    Key Database File > New

  5. At the prompt, complete these fields:

    Field                Values
    Key Database Type    CMS (Note that only CMS is supported with the IBM HTTP Server.)
    File Name            serverkey.kdb
    Location             C:\WebSphere\IBM HTTP Server\keys

  6. Enter the password (for example, serverkey) and select this option:

    stash the password file

  7. Click the OK button.

  8. From the drop down box, select this option:

    Personal Certificates

  9. Click the New Self-Signed button.

  10. On the next screen complete these fields:

    Field                Values
    Key Label            Enter any label. For example: server_cert
    Version              X509V3
    Key Size             1024
    Common Name          Enter a fully qualified server name. For example: denicdep5.mlab.jdedwards.com
    Organization         Enter your organization name. For example: Oracle
    Country or region    Enter your country or region. For example: US
    Validity Period      Enter the validity for your certificate. For example: 365 days

  11. Click the OK button.

    The program displays your certificate in the list.

  12. Delete all other certificates that might exist.

  13. Open the httpd.conf file in a text editor, and add the following virtual host definition.

    Note: The text in the httpd.conf file is case sensitive; type the host definition exactly as shown. If you have already configured a port on the HTTP Server (for example, port 85), the file will include an Alias. Use the same alias under your Virtual Host definition, as shown by the Alias line in the file sample below.

    For WebSphere 8.5.x make the changes below:

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    <IfModule mod_ibm_ssl.c>
    Listen 443
    <VirtualHost denicdep5.mlab.jdedwards.com:443>
    Alias /jde "C:/WebSphere/AppServer/installedApps/denicdep5Node01/EA_JS_85.ear/webclient.war"
    SSLEnable
    </VirtualHost>
    </IfModule>
    SSLDisable
    KeyFile "C:/WebSphere/IBMIHS/keys/serverkey.kdb"
    

    For WebSphere 9.0 make the changes below (Release 9.2.1):

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    <IfModule mod_ibm_ssl.c>
    # IPv6 support:
    Listen 13445
    <VirtualHost *:13445>
    Alias /jde "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war"
    SSLEnable
    </VirtualHost>
    # Block direct requests to the application's WEB-INF directory
    <Directory "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war\WEB-INF">
    Require all denied
    </Directory>
    <Directory "C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv05\installedApps\den01eatNode06Cell\HTML_7987.ear\webclient.war">
    Require all granted
    </Directory>
    </IfModule>
    SSLDisable
    KeyFile C:\HTTPServer3\keys\serverkey.kdb
    

    For BSSV, the following Virtual Host definition should be used.

    For WebSphere 8.5.x make the changes below:

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    <IfModule mod_ibm_ssl.c>
    Listen 0.0.0.0:443
    ## IPv6 support:
    <VirtualHost *:443>
    Alias /PD812_WEB "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war"
    SSLEnable
    </VirtualHost>
    # Block direct requests to the application's WEB-INF directory
    <Directory "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war\WEB-INF">
    Order Deny,Allow
    Deny from All
    </Directory>
    <Directory "C:\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war">
    Order Deny,Allow
    Allow from All
    </Directory>
    </IfModule>
    KeyFile C:\WebSphere61\IHS2\keys\serverkey.kdb
    SSLDisable
    # End of example SSL configuration
    

    For WebSphere 9.0 make the changes below (Release 9.2.1):

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    <IfModule mod_ibm_ssl.c>
    # The Listen port must match the VirtualHost port below
    Listen 0.0.0.0:13445
    ## IPv6 support:
    <VirtualHost *:13445>
    Alias /PD812_WEB "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war"
    SSLEnable
    </VirtualHost>
    # Block direct requests to the application's WEB-INF directory
    <Directory "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war\WEB-INF">
    Require all denied
    </Directory>
    <Directory "C:\Program Files\IBM\WebSphere61\AppServer\profiles\BSSV/installedApps/[node_name]/BSSV_PD_93.ear\PD812_WEB.war">
    Require all granted
    </Directory>
    </IfModule>
    KeyFile C:\HTTPServer3\keys\serverkey.kdb
    SSLDisable
    # End of example SSL configuration
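
The virtual host definitions above can be checked before the HTTP Server is restarted. The following Python check is an added example, not part of the original procedure or of IBM's tooling; lint_ihs_ssl and the sample paths are hypothetical, and it flags unbalanced container tags, an SSL virtual host whose port has no Listen, a missing KeyFile, and a Directory rule spelled WEB_INF instead of WEB-INF.

```python
import re
# Constructed sample: Listen/VirtualHost port mismatch, WEB_INF typo, stray </IfModule>.
BAD = """Listen 0.0.0.0:443
<VirtualHost *:13445>
SSLEnable
</VirtualHost>
<Directory "C:/example/app.war/WEB_INF">
Require all denied
</Directory>
</IfModule>
KeyFile "C:/example/keys/serverkey.kdb"
"""

def lint_ihs_ssl(conf):
    """Return findings for an IHS SSL virtual-host fragment (hypothetical helper)."""
    findings, stack = [], []
    listen, ssl_ports, keyfile, vhost_port = set(), set(), False, None
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        parts = line.split()
        if m and m.group(1):                      # closing container tag
            if stack and stack[-1] == m.group(2).lower():
                stack.pop()
            else:
                findings.append(f"line {n}: {line} closes nothing")
        elif m:                                   # opening container tag
            tag, arg = m.group(2).lower(), m.group(3).strip('"')
            stack.append(tag)
            if tag == "virtualhost":
                vhost_port = arg.rsplit(":", 1)[-1]
            if tag == "directory" and arg.upper().endswith("WEB_INF"):
                findings.append(f"line {n}: WEB_INF is not WEB-INF, rule protects nothing")
        elif parts[0].lower() == "listen" and len(parts) > 1:
            listen.add(parts[1].rsplit(":", 1)[-1])
        elif parts[0].lower() == "sslenable" and "virtualhost" in stack:
            ssl_ports.add(vhost_port)
        elif parts[0].lower() == "keyfile":
            keyfile = True
    findings += [f"<{tag}> is never closed" for tag in stack]
    findings += [f"no Listen for SSL port {p}" for p in sorted(ssl_ports - listen)]
    if ssl_ports and not keyfile:
        findings.append("SSLEnable is set but no KeyFile is configured")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ihs_ssl(BAD)))
```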