Secure IBM HTTP Server

Learn about IBM HTTP Server security, including: Secure Socket Layer (SSL), Key management, Lightweight Directory Access Protocol (LDAP) and System Authorization Facility (SAF) for z/OS® systems.

• Secure IBM HTTP Server
  This section lists topic overviews for securing IBM HTTP Server.

• Configure SSL between the IBM HTTP Server Administration Server and the deployment manager
  Configure Secure Sockets Layer (SSL) between the deployment manager for WebSphere® Application Server and the IBM HTTP Server (IHS) administration server, which is called adminctl.

• Secure with SSL communications
  Set up Secure Sockets Layer (SSL) by using the default httpd.conf configuration file.

• Set advanced SSL options
  We can enable advanced security options such as: client authentication, setting and viewing cipher specifications, defining SSL for multiple-IP virtual hosts, and setting up a reverse proxy configuration with SSL.

• IBM HTTP Server certificate management
  Before we can configure IBM HTTP Server to accept TLS (also known as SSL) connections, you must create a certificate for your web server. An SSL certificate authenticates your web servers identity to clients.

• Manage keys with the IKEYMAN graphical interface (Distributed systems)
  This section describes topics on how to set up and use the key management utility (IKEYMAN) with IBM HTTP Server. Using the graphical user interface, rather than the command line interface, is recommended.

• Manage keys from the command line (Distributed systems)
  The Java™ command line interface to IKEYMAN, gskcapicmd, provides the necessary options to create and manage keys, certificates and certificate requests. The native utility /bin/gskcapicmd is always preferred over /bin/gskcmd. gskcapicmd is faster and some features are added to gskcapicmd before gskcmd

• Manage keys with the native key database gskkyman (z/OS systems)
  Use the native z/OS key management (gskkyman key database) support for key management tasks.

• Getting started with the cryptographic hardware for SSL (Distributed systems)
  Cryptographic devices require the PKCS11 support software for the host machine and internal firmware. For more information, contact the vendor of the device.

• Authenticating with LDAP on IBM HTTP Server using mod_ldap
  We can configure Lightweight Directory Access Protocol (LDAP) to authenticate and protect files on IBM HTTP Server.

• Authenticating with SAF on IBM HTTP Server (z/OS systems)
  We can authenticate to the IBM HTTP Server on z/OS by using HTTP basic authentication or client certificates with the System Authorization Facility (SAF) security product. Use SAF authentication for verification of user IDs and passwords or certificates.