How to configure IBM IHS web server to use SSL

Home > Search > How-to

A public certificate and private key pair are used to encrypt packets being transmitted between a client an IBMs IHS web server. IBM stores the public certificate and private key in what is called a Key Database. The Key Database is a file that ends with the .kdb extension, and is typically located at ihs_home/conf/example.kdb (Linux). 


IBM has a command line tool called GSK, which stands for Global Security Kit, that is used to create the Key Database, and to view, export, add, and remove certificates from the Key Database. Refer to using the GSK command line tool.


Configure IHS

After the Key Database is created, and contains a public certificate and private key, you can then configure IHS to use the Key Database. You would add the following to your IHS httpd.conf file. After modifying your httpd.conf file, restart the web server.

LoadModule ibm_ssl_module modules/
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
  SSL Enable

  # Replace "default" with the name of your certificate
  SSLServerCert default

  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
KeyFile "/path/to/example.kdb"



Now, you should be able to get resources from your IHS web server over SSL. If you are using a self-signed certificate, like I am, your browser will complain that the certificate is invalid. This is fine if you are doing this in a development environment, but for production, you should use a certificate from a trusted certificate authority.

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.