Home
Secure with SSL communications
- Use ikeyman GUI or command-line to create...
- For z/OS use gskkyman to create...
- CMS key database file or SAF keyring
- public and private key pairs
- self-signed certificates
- Edit httpd.conf and uncomment...
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
- Create an SSL virtual host stanza...
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so <IfModule mod_ibm_ssl.c> Listen 443 <VirtualHost *:443> SSLEnable </VirtualHost> </IfModule> SSLDisable KeyFile "c:/IBM/IHSv7/keydb2.kdb"This second example assumes that you are enabling a single Web site to use SSL, and the server name is different from the server name that is defined in the global scope for non-SSL (port 8080). Both host names must be registered in a DNS to a separate IP address, and configure both IP addresses on local network interface cards.
Listen 8080 ServerName www.mycompany.com <Directory "c:/IBM/IHSv7/htdocs"> Options Indexes AllowOverride None order allow,deny allow from all <Directory> DocumentRoot "c:/IBM/IHSv7/htdocs" DirectoryIndex index.html <VirtualHost 192.168.1.103:8080> ServerName www.mycompany2.com <Directory "c:/IBM/IHSv7/htdocs2"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs2" DirectoryIndex index2.html </VirtualHost> Listen 443 <VirtualHost 192.168.1.103:443> ServerName www.mycompany2.com SSLEnable SSLClientAuth None <Directory "c:/IBM/IHSv7/htdocs2"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs2" DirectoryIndex index2.html </VirtualHost> SSLDisable KeyFile "c:/IBM/IHSv7/keydb2.kdb" SSLV2Timeout 100 SSLV3Timeout 1000This third example assumes that you are enabling multiple Web sites to use SSL. All host names must be registered in the erver DNS) to a separate IP address. Also, configure all of the IP addresses on a local network interface card. Use the SSLServerCert directive to identify which personal server certificate in the key database file passes to the client browser during the SSL handshake for each Web site.
If we have not defined the SSLServerCert directive, IHS passes the certificate in the key database file that is marked (*) as the "default key".
Listen 8080 ServerName www.mycompany.com <Directory "c:/IBM/IHSv7/htdocs"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs" DirectoryIndex index.html <VirtualHost 192.168.1.103:8080> ServerName www.mycompany2.com <Directory "c:/IBM/IHSv7/htdocs2"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs2" DirectoryIndex index2.html </VirtualHost> <VirtualHost 192.168.1.104:8080> ServerName www.mycompany3.com <Directory "c:/IBM/IHSv7/htdocs3"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs3" DirectoryIndex index3.html </VirtualHost> Listen 443 <VirtualHost 192.168.1.102:443> ServerName www.mycompany.com SSLEnable SSLClientAuth None SSLServerCert mycompany <Directory "c:/IBM/IHSv7/htdocs"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs" DirectoryIndex index.html </VirtualHost> <VirtualHost 192.168.1.103:443> ServerName www.mycompany2.com SSLEnable SSLClientAuth None SSLServerCert mycompany2 <Directory "c:/IBM/IHSv7/htdocs2"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs2" DirectoryIndex index2.html </VirtualHost> <VirtualHost 192.168.1.104:443> ServerName www.mycompany3.com SSLEnable SSLClientAuth None SSLServerCert mycompany3 <Directory "c:/IBM/IHSv7/htdocs3"> Options Indexes AllowOverride None order allow,deny allow from all </Directory> DocumentRoot "c:/IBM/IHSv7/htdocs3" DirectoryIndex index3.html </VirtualHost> SSLDisable KeyFile "c:/IBM/IHSv7/keydb2.kdb" SSLV2Timeout 100 SSLV3Timeout 1000
Subtopics
SSL protocol
SSL directive considerations
Authentication
Encryption
SSL environment variables
SSL directives
Related information