Sunday, March 15, 2009

Enable SSL (HTTPS) for IBM HTTP Server

To enable SSL on an IBM HTTP Server (Client -> IHS), you first need to generate a proper certificate.

Steps to generate a self-signed certificate for HTTPS traffic:

1. Open //bin/ikeyman

2. Select CMS as the type and specify a file name and a location for the certificate file.

3. When prompted for a password, type in your desired password.

4. Click Create > New Self-Signed Certificate in iKeyman. Type in your desired values.

5. Exit iKeyman.

6. Verify that all needed files (3-4 files) are generated in your certificate location.

After generating the self-signed certificate, IHS needs to be configured to use SSL.

1. Open //conf/httpd.conf

2. Add the following line to load the SSL module. Add it at the end of the LoadModule section.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

3. Add a virtual host to enable SSL.

Link to example file

4. Save the file and restart the HTTP Server (//bin/apachectl).
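A minimal httpd.conf fragment for steps 2 and 3, added here as an example (it is not the example file the original post linked to). The port, the `ServerName` value, the key database path and the certificate label are assumptions; replace them with your own values.

```apache
# Added example, not from the original post. All paths and names are placeholders.

# Step 2: load the IBM SSL module (end of the LoadModule section).
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

# Step 3: listen on the HTTPS port and enable SSL only inside this virtual host.
Listen 443
<VirtualHost *:443>
    # Assumed host name; should match the common name typed into iKeyman.
    ServerName www.example.com
    SSLEnable

    # Only needed if the certificate is not the default one in the key database.
    # "selfsigned" is a placeholder label.
    # SSLServerCert selfsigned
</VirtualHost>

# Global scope: keep SSL off for every virtual host that does not enable it.
SSLDisable

# CMS key database created with iKeyman. IHS reads the database password from
# the stash file (key.sth) next to it, so the password must have been stashed
# when the database was created.
KeyFile "/path/to/certs/key.kdb"
```

The stash file only obscures the password, so restrict read access on the .kdb and .sth files to the account that runs IHS.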

Troubleshooting 1:

If SSL isn't working, check the virtual host defined in your WebSphere server.

1. In the Administrative Console, go to Virtual > default host > Host Aliases and check if port 443 is defined.

To set up SSL between IHS and a WebSphere server, see:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_httpserv.html

Troubleshooting 2:

Perhaps you need to update the default plugin key files.

1. In the Administrative Console, go to WebServer > > Plugin properties.

2. Click "Copy to Web server key store directory" to override the old default certificates.

3. Restart the IHS and try again.