Configure the web server plug-in for Secure Sockets Layer
Overview
If we install an external HTTP server, the web server plug-in forwards requests from the external HTTP server to application server internal HTTP transport.
Prerequisites
- Follow instructions provided by the HTTP vendor to install and configure the HTTP server.
- Test the HTTP server by accessing...
- http://myhost
- https://myhost
- Install the web server plug-in.
Configure the plug-in for SSL
- Create a directory on the web server host for storing the key ring file referenced by the plug-in and associated files, for example:
plugin_install_root/etc/keys
- To access configuration options for the keys and certificates, from the console, click...
Servers | Web servers | web server name | Plug-in properties | Manage keys and certificates | OK
By default, we can change the password used to protect the keystore.
- We must copy the keystore and stash to the web server for the web server to function properly
To copy the keystore, and to stash files to a managed web server, select...
Copy to web server keystore directory
For non-managed web servers, use FTP to copy them.
- Optional: Under Additional Properties, we can also select one of the following:
Signer certificates Add new certificates, delete certificates, extract certificates, and to retrieve certificates from a port. Personal certificates Create a new chained or self-signed certificate, delete a certificate, or to import and export a personal certificate. Personal certificate requests Manage personal certificate requests. Custom properties Define custom properties for the keystore.
For iSeries, manually stash the password for the plugin-key.kdb file.
Results
The IBM HTTP Server plug-in and the internal Web server are configured for SSL.
Related concepts
Web server plug-in default configuration in SSLCertificate management in SSL Install IBM HTTP Server Create a self-signed certificate Add the correct SSL Signer certificates to the plug-in keystore