Generate a (new) SSL Certificate for https [IBM HTTP Server]
Posted by eichelgartenweg on 1:36 PM with 2 comments
[FOR HTTPS/SSL BETWEEN CLIENT AND WEBSERVER]
To generate a new CA-Signed SSL-Certificate for use with the IBM HTTP Server you need to start the iKeyman-Utility first. The iKeyman is the Key Management Tool from IBM.
1. Navigate to the /bin-directory of your IHS-Installation
2. Execute
./ikeyman
to open the Key Management Tool.
3. Use "Key Database File > Open" to open your password-protected Key-Database

4. After the Key-Database is loaded switch to "Personal Certificate Requests" (under "Key database content").
5. Click New and fill out the certificate request dialog. Depending on your CA-Provider (VeriSign,...) you may need to fill out the dialog in a special way (VeriSign demands the common name to be the domain)

6. Click "OK" to save the certificate request in a file.
7. Now you need to provide the content of the certificate request file to your Certificate Authority (e.g. VeriSign). You will receive a new certificate file from them.
8. Once you have received the certificate, switch back to "Personal Certificates" (under "Key database content").
9. Click Receive and navigate to the certificate file. Click Ok to import the certificate file.
10. Open the httpd.conf file of your IHS and replace the SSL-Cert-Name (the new one is displayed in iKeyman after the import of the new certificate). Usually the SSL-Cert is defined within a virtual host:
Example:
<VirtualHost "ip-adress":443>
ServerName www.test.com
SSLEnable
SSLClientAuth 0
SSLServerCert ihssslcert
AllowEncodedSlashes On
<Directory "/">
Options Indexes MultiViews
Order allow,deny
Allow from all
</Directory>
DocumentRoot /usr/IBM/HTTPServer/www-doc-root/
</VirtualHost>
11. Restart the IHS-Server (/bin/apachectl stop --> /bin/apachectl start)
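A check to run between steps 10 and 11, as an added example that is not part of the original post: it compares the SSLServerCert label of every SSL-enabled virtual host with the labels listed under "Personal Certificates" in iKeyman, so a stale or mistyped label is caught before the restart. The sample configuration, the 192.0.2.x addresses, the label oldcert2011 and the label set are constructed; treating the rest of the directive line as the label is an assumption.

```python
import re

# Constructed sample: the page's virtual host plus a second one whose label
# was not updated after the new certificate was received.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
ServerName www.test.com
SSLEnable
SSLClientAuth 0
SSLServerCert ihssslcert
</VirtualHost>
<VirtualHost 192.0.2.11:443>
ServerName shop.test.com
SSLEnable
SSLServerCert oldcert2011
</VirtualHost>
"""

# Labels as shown under "Personal Certificates" in iKeyman (constructed).
KDB_LABELS = {"ihssslcert"}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the argument of the last uncommented `name` directive, or None."""
    found = None
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0].lower() == name.lower():
            found = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def audit_vhosts(conf_text, kdb_labels):
    """Return (address, server_name, label, status) for each SSL-enabled vhost."""
    results = []
    for address, body in VHOST_RE.findall(conf_text):
        if directive(body, "SSLEnable") is None:
            continue  # not an SSL virtual host
        label = directive(body, "SSLServerCert")
        if label is None:
            status = "no SSLServerCert set"
        elif label in kdb_labels:
            status = "ok"
        else:
            status = "label not in key database"
        results.append((address.strip(), directive(body, "ServerName"), label, status))
    return results

if __name__ == "__main__":
    for row in audit_vhosts(SAMPLE_CONF, KDB_LABELS):
        print(row)
```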
I've only really come across the Apache and Exchange servers so I'm not really familiar with how to Create SSL Certificate on the IBM server, so this is a really top resource for webmasters alike.
I just finished up reading your blog the first time so I thought I should comment to let you know your stuff is great and you have another follower! Keep the posts coming!
We just bought a wildcard ssl certificate at ClickSSL. As a first time customer of ClickSSL we are very happy with the service and support.