How to configure IBM IHS web server to use SSL

Home > Search > How-to
  by

Global Security Kit

Use the versionInfo.sh (Linux) or versionInfo.bat (Windows) command to determine the version of IBM IHS web server that is installed. In this example, version 9.0.0.6 is installed.

~]# ihs_home/bin/versionInfo.sh
Version 9.0.0.6

 

Use the gskver command to determine the version of IBM Global Security Kit that is installed. In this example, version 8.0.50.84 is installed.

~]# ihs_home/bin/gskver | grep ProductVersion
8.0.50.84

 

If the Global Security Kit version does not meet the minimum require version, install a newer version of the  Global Security Kit.

  • IHS version 7.0 requires Global Security Kit version 7.0.4.17 or higher
  • IHS version 8.0 requires Global Security Kit version 8.0.14.9 or higher
  • IHS version 8.5 requires Global Security Kit version 8.0.14.9 or higher
  • IHS version 9.0 requires Global Security Kit version 9.0.50.61 or higher

 


Key Database File

Create the key database file.

ihs_home/bin/gsk8capicmd -keydb -create -db ihsserverkey.kdb -pw your_password -stash

 

Add a default self signed certificate to the key database file.

ihs_home/bin/gsk8capicmd -cert -create -db ihsserverkey.kdb -pw your_password -label your_hostname -dn "cn=your_hostname,o=your_domain" -default_cert yes

 


Configure IHS

In the ihs_home/conf/httpd.conf file, uncomment the following lines.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
  SSL Enable
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
KeyFile ihs_home/conf/ihsserverkey.kdb
SSLDisable

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments