Configuring IBM® HTTP Server for an encrypted connection
Configure IBM® HTTP Server to use an encrypted connection.
About this task
To support an encrypted connection, create a self-signed certificate and then configure IBM® HTTP Server for encrypted connection traffic. If you use this certificate in production, users might receive warning messages from their browsers. In a typical production deployment, you would use a certificate from a trusted certificate authority.
If you choose to configure the HTTP server during the IBM Connections installation, you can perform this task at that time instead of as a pre-installation task. Configuring HTTP at install time also saves you the steps of mapping the applications to the plug-in.
To configure IBM® HTTP Server for encrypted connections, complete the following steps:
Procedure
- Create a key file.
- Create a self-signed certificate.
  - Click Personal Certificates in the Key Database content frame, and then click New Self-Signed.
  - Enter the required information about the key file, your web server, and organization in the dialog box.
  - Click OK.
- Stop IBM® HTTP Server.
- Log in to the WebSphere® Application Server Integrated Solutions Console for the Deployment Manager and select .
- From the list of web servers, click the web server that you defined for this profile.
- On the Configuration page for this web server, click the Configuration file link. This action opens the httpd.conf configuration file on the Deployment Manager.
- Add the following text to the end of the configuration file:
      LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
      <IfModule mod_ibm_ssl.c>
        Listen 0.0.0.0:443
        <VirtualHost *:443>
          ServerName server_name
          SSLEnable
        </VirtualHost>
      </IfModule>
      SSLDisable
      Keyfile "path_to_key_file"
      SSLStashFile "path_to_stash_file"
  where
  - server_name is the host name of the IBM® HTTP Server.
  - path_to_key_file is the path to the key file that you created with the iKeyman utility.
  - path_to_stash_file is the path to the associated stash file.
  - AIX®:
    - Keyfile "/usr/IBM/keyfiles/key_file.kdb"
    - SSLStashFile "/usr/IBM/keyfiles/key_file.sth"
  - Linux™:
    - Keyfile "/opt/IBM/keyfiles/key_file.kdb"
    - SSLStashFile "/opt/IBM/keyfiles/key_file.sth"
  - Microsoft™ Windows™:
    Use forward slashes in the httpd.conf file on Windows™.
    - Keyfile "C:/IBM/keyfiles/key_file.kdb"
    - SSLStashFile "C:/IBM/keyfiles/key_file.sth"
- Click Apply and then click OK.
- Restart IBM® HTTP Server to apply the changes.
- Test the new configuration: Open a web browser and ensure that you can successfully reach https://server_name. You might be prompted to accept the self-signed certificate on your browser.
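A static check for the httpd.conf step above, as an added example that is not part of the IBM documentation: it reports which directives from the block on this page are missing or in the wrong scope, so that mistakes surface before the restart and browser test. The function name `lint_ihs_ssl`, the host name `ihs.example.com`, and the rule that the key and stash files share a base name (taken from the example paths on this page) are assumptions.

```python
import re

# Constructed sample: the block from this page with the Linux example paths.
SAMPLE_CONF = """\
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName ihs.example.com
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "/opt/IBM/keyfiles/key_file.kdb"
SSLStashFile "/opt/IBM/keyfiles/key_file.sth"
"""

def lint_ihs_ssl(conf_text):
    """Hypothetical helper: list deviations from the SSL block on this page."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)  # drop comment lines
    vhost = re.search(r"(?is)<VirtualHost\s+\S*:443\s*>(.*?)</VirtualHost>", text)
    inside = vhost.group(1) if vhost else ""
    # Everything outside any <VirtualHost>; <IfModule> wrappers stay in place.
    outside = re.sub(r"(?is)<VirtualHost.*?</VirtualHost>", "", text)
    checks = [
        (outside, r"LoadModule\s+ibm_ssl_module\b", "LoadModule ibm_ssl_module is missing"),
        (outside, r"Listen\s+(\S+:)?443\s*$", "no Listen directive for port 443"),
        (inside, r"ServerName\s+\S+", "ServerName missing in <VirtualHost *:443>"),
        (inside, r"SSLEnable\s*$", "SSLEnable missing in <VirtualHost *:443>"),
        (outside, r"SSLDisable\s*$", "SSLDisable missing outside the virtual host"),
    ]
    problems = [msg for scope, pat, msg in checks
                if not re.search(r"(?im)^\s*" + pat, scope)]
    paths = {}
    for name in ("Keyfile", "SSLStashFile"):
        m = re.search(rf'(?im)^\s*{name}\s+"?([^"\n]+)"?\s*$', text)
        if not m:
            problems.append(f"{name} directive is missing")
            continue
        paths[name] = m.group(1).strip()
        if "\\" in paths[name]:
            problems.append(f"{name} path uses backslashes, use forward slashes")
    # Assumption from the page's example paths: .kdb and .sth share a base name.
    stems = {p.rsplit(".", 1)[0] for p in paths.values()}
    if len(paths) == 2 and len(stems) != 1:
        problems.append("stash file name does not match the key file")
    return problems
```

An empty list means the text matches the layout shown on this page; the check does not open the key database or contact the server.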
What to do next
For more information about securing web communications, go to the WebSphere® Application Server information center.
For more information about the key store and setting up the IBM® HTTP Server, see the Securing communications topic in the WebSphere® Application Server information center.
The key file can be shared between two web servers, thus providing failover capability.