FreeKB - How to configure IBM IHS web server to use SSL
How to configure IBM IHS web server to use SSL

Home > Search > How-to


A public certificate and private key pair are used to encrypt packets being transmitted between a client and IBMs IHS web server.

 


Key Database

IBM stores the public certificate and private key in what is called a Key Database. The Key Database is a file that ends with the .kdb extension. There are a few different ways to create the public certificate and private key in the Key Database file.

For the sake of this article, let's say you have a Key Database file named example.kdb and a stash file named example.sth, and the Key Database contains a certificate, such as *.example.com.

${ihs_install_root}/gsk8/bin/gsk8capicmd_64 -cert -list -db /path/to/example.kdb -stashed

Certificates found
* default, - personal, ! trusted, # secret key
*-      *.example.com

 


Configure IHS

You can now configure IHS to encrypt traffic on port 443 for HTTPS using the Key Database. You would add the following to your IHS httpd.conf file. After modifying your httpd.conf file, restart the web server. Note that since SSLServerCert is not being used, the default certificate in the Key Database file will be used.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
  SSLEnable
</VirtualHost>
KeyFile "/path/to/example.kdb"
StashFile "/path/to/example.sth"
SSLDisable

 

 

Now, you should be able to get resources from your IHS web server over SSL. If you are using a self-signed certificate, like I am, your browser will complain that the certificate is invalid. This is fine if you are doing this in a development environment, but for production, you should use a certificate from a trusted certificate authority.



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments