Configuring IBM® HTTP Server for an encrypted connection
Configure IBM® HTTP Server to use an encrypted connection.
About this task
To support an encrypted connection, create a self-signed certificate and then configure IBM® HTTP Server for encrypted connection traffic. If you use this certificate in production, users might receive warning messages from their browsers. In a typical production deployment, you would use a certificate from a trusted certificate authority.
If you choose to configure the HTTP server during the HCL Connections installation, you can perform this task at that time instead of as a pre-installation task. Configuring the HTTP server at installation time also saves you the steps to map the applications to the plugin.
To configure IBM® HTTP Server for encrypted connections, complete the following steps:
Procedure
- Create a key file.
- Create a self-signed certificate.
- Click Personal Certificates in the Key Database content frame, and then click New Self-Signed.
- Enter the required information about the key file, your web server, and organization in the dialog box.
- Click OK.
- Stop IBM® HTTP Server.
- Log in to the WebSphere® Application Server Integrated Solutions Console for the Deployment Manager and select .
- From the list of web servers, click the web server that you defined for this profile.
- On the Configuration page for this web server, click the Configuration file link. This action opens the httpd.conf configuration file on the Deployment Manager.
- Add the following text to the end of the configuration file:
    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    <IfModule mod_ibm_ssl.c>
      Listen 0.0.0.0:443
      <VirtualHost *:443>
        ServerName server_name
        SSLEnable
      </VirtualHost>
    </IfModule>
    SSLDisable
    Keyfile "path_to_key_file"
    SSLStashFile "path_to_stash_file"
where:
- server_name is the host name of the IBM® HTTP Server.
- path_to_key_file is the path to the key file that you created with the iKeyman utility.
- path_to_stash_file is the path to the associated stash file.
- AIX®:
- Keyfile "/usr/IBM/keyfiles/key_file.kdb"
- SSLStashFile "/usr/IBM/keyfiles/key_file.sth"
- Linux™:
- Keyfile "/opt/IBM/keyfiles/key_file.kdb"
- SSLStashFile "/opt/IBM/keyfiles/key_file.sth"
- Microsoft™ Windows™:
Use forward slashes in the httpd.conf file on Windows™.
- Keyfile "C:/IBM/keyfiles/key_file.kdb"
- SSLStashFile "C:/IBM/keyfiles/key_file.sth"
- Click Apply and then click OK.
- Restart IBM® HTTP Server to apply the changes.
- Test the new configuration: Open a web browser and ensure that you can successfully reach https://server_name. You might be prompted to accept the self-signed certificate on your browser.
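A check that can be run on the edited httpd.conf text before the restart, as an added example that is not part of the original documentation: it flags placeholders left unreplaced, backslashes in the Keyfile or SSLStashFile paths, and directives missing from where the fragment above places them. The function name lint_ssl_fragment and the sample text are constructed for illustration.

```python
import re

PLACEHOLDERS = {"server_name", "path_to_key_file", "path_to_stash_file"}

def lint_ssl_fragment(conf):
    """Return findings where conf deviates from the SSL fragment in the procedure."""
    findings, stack, seen = [], [], set()
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)", line)
        if tag:  # track <IfModule> / <VirtualHost> nesting
            if tag.group(1):
                del stack[-1:]  # closing tag; tolerates an unbalanced close
            else:
                stack.append(tag.group(2).lower())
            continue
        name, _, arg = line.partition(" ")
        key, arg = name.lower(), arg.strip().strip('"')
        if key == "loadmodule":
            key = (arg.split() or [""])[0].lower()  # record the module name
        scope = "vhost" if "virtualhost" in stack else "global"
        seen.add((key, scope))
        if arg in PLACEHOLDERS:
            findings.append(f"line {n}: placeholder '{arg}' was not replaced")
        if key in ("keyfile", "sslstashfile") and "\\" in arg:
            findings.append(f"line {n}: {name} path uses backslashes")
    required = {
        ("ibm_ssl_module", "global"): "LoadModule ibm_ssl_module is missing",
        ("sslenable", "vhost"): "no SSLEnable inside a <VirtualHost>",
        ("ssldisable", "global"): "no SSLDisable at the top level",
        ("keyfile", "global"): "no top-level Keyfile directive",
        ("sslstashfile", "global"): "no top-level SSLStashFile directive",
    }
    findings += [msg for item, msg in required.items() if item not in seen]
    return findings

# Constructed sample: the fragment with two mistakes left in (lines 5 and 10).
SAMPLE = r'''LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
ServerName server_name
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "C:\IBM\keyfiles\key_file.kdb"
SSLStashFile "C:/IBM/keyfiles/key_file.sth"'''
```

Calling lint_ssl_fragment(SAMPLE) reports the unreplaced server_name on line 5 and the backslash path on line 10; an empty list means the fragment matches the layout shown in the procedure.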
What to do next
For more information about securing web communications, see the Securing applications and their environment topic in the IBM WebSphere Application Server Network Deployment documentation.
For more information about the key store and setting up the IBM® HTTP Server, see the Securing communications topic in the WebSphere® Application Server Network Deployment documentation.
The key file can be shared between two web servers, thus providing failover capability.