How To
Summary
IBM HTTP Server certificates and SSL configuration can be managed with the WebSphere Administration Console.
Environment
In the example environment, WebSphere Application Server has a webserver definition for "webserver1". It is assumed that WebSphere can stop and start IBM HTTP Server as well as propagate files such as plugin-cfg.xml via this webserver definition.
Steps
- Add an SSL virtual host to the webserver definition
- Navigate to "Web servers > webserver1 > Web server virtual hosts" and select "new"
- On the 2nd panel of the wizard, update the IP address to a value of "*"
- Generate a certificate signing request (CSR)
- Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
- Select "manage keys and certificates"
- Select "Personal Certificate Requests" to create a new Certificate Signing Request (CSR)
- Supply the required info
- Make a note of your new certificate label (for example: "example.com-2021") and the server-side path to the CSR file specified.
- Provide the CSR to your certificate authority (CA) and wait for a certificate and trusted issuers to be returned
- This will typically be done via a web-based portal.
- Add root and intermediate signer certificates
- Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
- Select "manage keys and certificates"
- Click "signer certificates" and add any root or intermediate certificates provided by your CA.
- Receive CA-signed certificate
- Navigate to the newly created SSL virtual host: "Web servers > webserver1 > Web server virtual hosts > *:443"
- Select "manage keys and certificates"
- Click "receive from a certificate authority".
- Propagate the keystore to the webserver
- Navigate to "Web servers > webserver1 > Web server virtual hosts > *:443"
- Change the "Key Store Certificate alias" to your CA certificates labeled "example.com-2021"
- Click "OK" and when prompted, click "propagate configuration file"
- Navigate to "Web servers > webserver1 > Web server virtual hosts > *:443"
- Click the "Copy to web server key store directory" button at the end of the panel
- Review the resulting changes to httpd.conf and restart the webserver
This procedure results in a new SSL virtual host configuration appended to httpd.conf and a Keyfile for the webserver managed by WebSphere.
Document Location
Worldwide
[{"Type":"SW","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"ARM Category":[{"code":"a8m50000000Cd21AAC","label":"IHS->IHS.SSL->IHS.Cert management"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
17 May 2021
UID
ibm16453975