IBM HTTP Server help: Get started quickly with secure connections

Get started quickly with secure connections

 

Obtaining certificates

When you set up secure connections, your public key must be associated with a digitally signed certificate from a certificate authority (CA) who is designated as a trusted CA on your server.

There are two ways to obtain a certificate:

Buying a certificate from an external CA provider

You can buy a signed certificate by submitting a certificate request to a CA provider. The IBM HTTP Server supports several external certificate authorities. By default, many CAs are designated as trusted CAs on IBM HTTP Server.

Use IKEYMAN to create a new key pair and certificate request to send to an external CA. Then define SSL settings in the Security folder in the IBM Administration Server.

Creating a self-signed certificate

To create a self-signed certificate, you can use your key management utility (IKEYMAN), or you can purchase certificate authority software from a CA provider.

Setting up SSL using the IBM Administration Server

  1. Set up security module.

  2. Set up secure host IP and additional port for secure server.

  3. Set up virtual host structure for secure server.

  4. Set up virtual host document root for secure server.

  5. Set keyfile and SSL timeout values for secure server.

  6. Enable SSL and select mode of Client Authorization.

  7. Restart the Server

To start a second secure virtual host
  1. Set up virtual host structure for secure server.

  2. Enable SSL and select mode of Client Authorization.

  3. Set up virtual host document root for secure server.

Related Information


SSL