A public certificate and private key pair are used to encrypt packets being transmitted between a client and IBM's IHS web server. IBM stores the public certificate and private key in what is called a Key Database. The Key Database is a file that ends with the .kdb extension, and is typically located at ihs_home/conf/example.kdb (Linux).
IBM has a command line tool called GSK, which stands for Global Security Kit, that is used to create the Key Database, and to view, export, add, and remove certificates from the Key Database. Refer to using the GSK command line tool.
After the Key Database is created, and contains a public certificate and private key, you can then configure IHS to use the Key Database. You would add the following to your IHS httpd.conf file. After modifying your httpd.conf file, restart the web server.
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
    SSLEnable
    # Replace "default" with the name of your certificate
    SSLServerCert default
    # The Header directive requires mod_headers to be loaded
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
KeyFile "/path/to/example.kdb"
SSLDisable
Now, you should be able to get resources from your IHS web server over SSL. If you are using a self-signed certificate, like I am, your browser will complain that the certificate is invalid. This is fine if you are doing this in a development environment, but for production, you should use a certificate from a trusted certificate authority.
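A check you can run on httpd.conf before restarting the web server, to catch mistakes in the directives described above. This is an added example, not part of the original page or of IBM's tooling; the function name, the findings wording and the sample configuration are constructed for illustration.

```python
import re

def lint_ihs_ssl(conf_text):
    """Return a list of findings for the SSL directives in an IHS httpd.conf."""
    findings, vhost, ssl_vhosts = [], None, []
    seen = {}  # (scope, directive) -> argument strings
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened or line.lower().startswith("</virtualhost"):
            vhost = opened.group(1).strip() if opened else None
            continue
        name, arg = (line.split(None, 1) + [""])[:2]
        name = name.lower()
        seen.setdefault(("vhost" if vhost else "global", name), []).append(arg)
        if name == "ssl":  # e.g. "SSL Enable" typed with a stray space
            findings.append(f"'{line}' is not a directive; use SSLEnable")
        if name == "sslenable" and vhost:
            ssl_vhosts.append(vhost)

    def every(name):  # arguments of a directive at either scope
        return seen.get(("global", name), []) + seen.get(("vhost", name), [])
    if not any("mod_ibm_ssl" in a for a in every("loadmodule")):
        findings.append("mod_ibm_ssl is not loaded")
    if not ssl_vhosts:
        findings.append("no <VirtualHost> contains SSLEnable")
    ports = {a.split()[0].rsplit(":", 1)[-1] for a in every("listen") if a}
    for addr in ssl_vhosts:
        if addr.rsplit(":", 1)[-1] not in ports:
            findings.append(f"no Listen for SSL virtual host {addr}")
    keyfiles = [a.strip('"') for a in every("keyfile")]
    if not any(k.lower().endswith(".kdb") for k in keyfiles):
        findings.append("no KeyFile pointing at a .kdb key database")
    # Simplification: HSTS is looked for in any virtual host, not per host.
    hsts = re.compile(r"strict-transport-security.*max-age=\d+", re.I)
    if ssl_vhosts and not any(hsts.search(a) for a in seen.get(("vhost", "header"), [])):
        findings.append("SSL virtual host sets no HSTS max-age")
    return findings

# Constructed sample: stray space in SSLEnable; once fixed, HSTS is still missing.
SAMPLE = """LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
SSL Enable
</VirtualHost>
KeyFile "/path/to/example.kdb"
"""
if __name__ == "__main__": print("\n".join(lint_ihs_ssl(SAMPLE)))
```

An empty list means the directives this page relies on are all present; it does not verify that the certificate label exists in the Key Database.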