IBM Http Server SSL Installation

IBM HTTP Server (IHS) is a web server based on the Apache Software Foundation’s HTTP Server that runs on AIX, HP-UX, Linux, Solaris, JADE, Windows NT, IBM and z/OS. It is available for download and use free of charge but without IBM support. The HTTP server is also included in the IBM Web Sphere Application Server distribution packages. The default web console administration port is 8008. On IBM i, the administration port is 2001. The license agreement for the IBM HTTP Server is IBM’s International License Agreement for Non-Warranted Programs (ILAN).

SSL Installation:

1. Log on to the load balance server as a user with administrative privileges.
2. Start iKeyman by running the following command:
   IHS_root/bin/ikeyman
   Where IHS_root is the location of the IHS. The default location is/usr/IBM/HTTPServer/.
3. In the iKeyman tool, open the keystore you created in Step 2.
   • Select Key Database File > Open.
   • Specify the type of keystore, by default CMS.
   • In the File Name and Location fields, enter the name and path to the keystore.
   • In the Password Prompt dialog box, enter the password for the keystore.
4. Import the signed CA certificate.
   • In the Key database content list, select Signer Certificates, and click Add.
   • In the Open window, in the File Name and Location fields, enter the name and path to the keystore.
   • In the Enter a Label dialog box that displays, in the Enter a label for the certificate field, enter a name for the certificate.
5. Select Key Database File > Close.
6. In the iKeyman tool, open the plugin-key.kdb keystore.
   • Select Key Database File > Open.
   • Specify the type of keystore. The default type is CMS.
   • In the File Name and Location fields, enter the name and path to the keystore.
7. The default directory for the plugin-key.kdb keystore is /Plugins/config/server_name/plugin-key.kdb, and click OK.In the Password Prompt dialog box, enter the password for the keystore. The default password is WebAS, and click OK.
8. Select Signer Certificates in the Key database content list, and click Add.
9. In the Add CA’s Certificate from a file window, enter the following information.
10. In the Data type list, select Base64-encoded ASCII data.
11. In the File Name and Location fields, enter the name and path to the keystore.
12. In the Enter a Label dialog box and the Enter a label for the certificate field, enter a name for the certificate.

Edit HTTPD.CONF file

1. On Windows computers, start a Command Prompt window using the Run as Administrator option, or on AIX® or Linux computers, open an AIX or Linux shell.
2. Go to the IHS root/conf directory.
3. Open the httpd.conf file using a text editor.
   • • Uncomment the following in the file.

   LoadModule was_app22_module modules/mod_was_ap22_http.so
   LoadModule negotiation_module module8s/mod_negotiation.so

   • Uncomment the following lines in the file and add any missing lines.
     Listen 443
     <VirtualHost *:443>
     ServerName <server_name>
     SSLEnable
     SSLProtocolDisable SSLv2
     SSLClientAuth None
     <Directory />
     Options FollowSymLinks
     AllowOverride None
     Order allow,deny
     Allow from all
     </Directory>
     </VirtualHost>
     SSLDisable
     KeyFile <IHS_root>/<keystore_name>.kdb
     • Add the following line to point to the WebSphere® plug-in Configuration.
       WebSpherePluginConfig
       <IHS root>/Plugins/config/<server_name>/plugin-cfg.xml
     • • Save and close the file.
4. To apply the changes, restart the IBM HTTP Server.

We hope this article helped you with this easy process. If you are unable to use these instructions, we recommend you to contact either the vendor of your software or the hosting organization that supports it.