IBM Support

Managing IBM HTTP Server certificates and SSL configuration using the WebSphere Administration Console

How To


Summary

IBM HTTP Server certificates and SSL configuration can be managed with the WebSphere Administration Console.

Environment

In the example environment, WebSphere Application Server has a webserver definition for "webserver1". It is assumed that WebSphere can stop and start IBM HTTP Server as well as propagate files such as plugin-cfg.xml via this webserver definition.

Steps

  1. Add an SSL virtual host to the webserver definition
    1. Navigate to "Web servers > webserver1 > Web server virtual hosts" and select "new"
    2. On the 2nd panel of the wizard, update the IP address to a value of "*"
  2. Generate a certificate signing request (CSR)
    1. Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
    2. Select "manage keys and certificates"
    3. Select "Personal Certificate Requests" to create a new Certificate Signing Request (CSR)
    4.  Supply the required info
    5.  Make a note of your new certificate label (for example: "example.com-2021") and the server-side path to the CSR file specified.
  3.  Provide the CSR to your certificate authority (CA) and wait for a certificate and trusted issuers to be returned
    1. This will typically be done via a web-based portal.
  4.  Add root and intermediate signer certificates
    1. Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
    2. Select "manage keys and certificates"
    3. Click "signer certificates" and add any root or intermediate certificates provided by your CA.
  5. Receive CA-signed certificate
    1. Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
    2. Select "manage keys and certificates"
    3. Click "receive from a certificate authority".
  6. Propagate the keystore to the webserver
    1. Navigate to "Web servers > webserver1 > Web server virtual hosts > *:443"
    2. Change the "Key Store Certificate alias" to your CA certificates labeled "example.com-2021"
    3. Click "OK" and when prompted, click "propagate configuration file"
    4. Navigate to "Web servers > webserver1 > Web server virtual hosts > *:443"
    5. Click the "Copy to web server key store directory" button at the end of the panel
  7. Review the resulting changes to httpd.conf and restart the webserver
This procedure results in a new SSL virtual host configuration appended to httpd.conf and a Keyfile for the webserver managed by WebSphere. 
   

Document Location

Worldwide

[{"Type":"SW","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"ARM Category":[{"code":"a8m50000000Cd21AAC","label":"IHS->IHS.SSL->IHS.Cert management"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
17 May 2021

UID

ibm16453975

Page Feedback