Obtaining certificates
This section provides information to help us get started with secure connections on the Web server. Obtaining certificates is the first step in securing our Web server.
Overview
When we set up secure connections, we associate our public key with a digitally signed certificate from a certificate authority (CA) that is designated as a trusted CA on our server.
Procedure
- Buy a certificate from an external certificate authority provider. We can buy a signed certificate by submitting a certificate request to a CA provider. The IBM HTTP Server supports several external certificate authorities. By default, many CAs exist as trusted CAs on the IBM HTTP Server. See List of trusted certificate authorities on the IBM HTTP Server.
  Use the key management utility to create a new key pair and certificate request to send to an external CA, then define SSL settings in the httpd.conf file. The key management utility is one of the following:
  - iKeyman graphical user interface. If we are unable to use iKeyman, use the command line interface IKEYCMD.
  - Native z/OS key management (gskkyman key database).
- Create a self-signed certificate. Use the key management utility or purchase certificate authority software from a CA provider.
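Once the signed certificate has been received into the key database, the SSL settings in httpd.conf point the server at that database and at the certificate's label. The fragment below is an added example, not part of the original page; the install path `/opt/IBM/HTTPServer`, the database name `key.kdb` and the label `example-server-cert` are assumptions to replace with local values.

```apache
# Added example: minimal SSL settings for IBM HTTP Server (mod_ibm_ssl).
# Paths and the certificate label are placeholders, not values from this page.

# Load the IBM SSL module (IBM HTTP Server uses mod_ibm_ssl, not mod_ssl).
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

# Accept connections on the HTTPS port.
Listen 443

<VirtualHost *:443>
    # Turn SSL on for this virtual host only.
    SSLEnable
    # Label of the certificate in the key database to present to clients.
    # If omitted, the database's default certificate is used.
    SSLServerCert example-server-cert
</VirtualHost>

# Key database created with the key management utility. The server opens it
# with the stashed password, so key.sth must sit beside key.kdb and both
# files should be readable only by the account the server runs as.
KeyFile /opt/IBM/HTTPServer/key.kdb

# Keep SSL off for everything outside the virtual host above.
SSLDisable
```

The same layout works with a self-signed certificate, but clients will not trust it unless that certificate is added to their own trust stores.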
Related concepts
List of trusted certificate authorities on the IBM HTTP Server
Secure Sockets Layer environment variables
Manage keys with the IKEYCMD command line interface (Distributed systems)
Related tasks
Manage keys with the iKeyman graphical interface (Distributed systems)
Manage keys with the native key database gskkyman (z/OS systems)
Defining SSL for multiple-IP virtual hosts