Secure IBM HTTP Server

This section lists topic overviews for securing IBM HTTP Server.

About this task

The following topics describe specific tasks for you to secure IBM HTTP Server.

Procedure

• Configure SSL between the IBM HTTP Server Administration Server and the deployment manager

• Secure with SSL communications. For secure communication, we can set up the Secure Sockets Layer (SSL) directives in the default httpd.conf configuration file.

• Set advanced SSL options. More advanced SSL options to secure your IBM HTTP Server are also available. Advanced SSL options include: setting the level and type of client authentication, setting cipher specifications, defining SSL for multiple-IP virtual hosts, and configuring reverse proxy setup with SSL.

• Manage keys with the IKEYMAN graphical interface (Distributed systems). We can set up the Key Management utility (IKEYMAN) with IBM HTTP Server to create key databases, public and private key pairs and certificate requests. Use the IKEYMAN graphical user interface rather than using the command line interface.

• Manage keys from the command line (Distributed systems). We can use IKEYCMD, which is the Java command line interface to IKEYMAN. Use the command line only if you are unable to use the graphical user interface.

• Manage keys with the native key database gskkyman (z/OS systems) We can use the native z/OS key management (gskkyman key database) with IBM HTTP Server to create key databases, public and private key pairs and certificate requests.

• Getting started with the cryptographic hardware for SSL (Distributed systems). We can use cryptographic hardware for SSL. The IBM 4758 requires the PKCS11 software for the host machine and internal firmware.

• Authenticating with LDAP on IBM HTTP Server using mod_ldap We can configure LDAP to protect files on IBM HTTP Server.

• Authenticating with SAF on IBM HTTP Server (z/OS systems). We can provide IBM HTTP Server with user authentication using the System Authorization Facility security product.