Setting up SSL for the administration (ADMIN) server for HTTP Server

 

In the IBM HTTP Server for i5/OS, you can secure your administration server configuration with Secure Socket Layers with the IBM Web Administration for i5/OS interface.

Information for this topic supports the latest PTF levels for HTTP Server for iSeries . IBM recommends that you install the latest PTFs to upgrade to the latest level of the HTTP Server for i5/OS. Some of the topics documented here are not available prior to this update. See IBM Service for more information.

You can SSL enable the ADMIN server by doing the following:

  1. Make sure that you have the following product and product option installed:

    • Digital Certificate Manager Option 34 of 5722-SS1

  2. To complete this task supply a digital certificate. For more information on how to obtain a digital certificate, see Digital certificate management.

  3. Make sure you have proper authority to the directories and file. See User profiles and required authorities for HTTP Server for more information.

  4. Make sure that the ADMIN server is running.

  5. Click the Manage tab.

  6. Click the All HTTP Servers subtab.

  7. Select ADMIN from the Server list.

  8. Select Include /QIBM/UserData/HTTPA/admin/conf/admin-cust.conf from the Server area list.

  9. Expand Tools.

  10. Select Edit Configuration File.

    The following changes must be made using the Edit Configuration File tool. Use of other editing tools may result in errors.

  11. Enter the following information into the configuration file or remove the "#" symbol to uncomment these lines: 
    LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM Listen 2001
Listen 2010
SetEnv HTTPS_PORT 2010
<VirtualHost *:2010>
	SSLEnable 	SSLAppName QIBM_HTTP_SERVER_ADMIN </VirtualHost>

  12. Click OK.

  13. Select Virtual Host *:2010 from the Server area list.

  14. Expand Server properties, and select Security.

  15. Click OK.

  16. Click the Related Links tab.

  17. Click Digital Certificate Manager.

  18. Click Select a Certificate Store.

  19. Select *SYSTEM.

  20. Click Continue.

  21. Enter a password in the Certificate store password field.

  22. Click Continue.

  23. Click Manage Applications.

  24. Select Update certificate assignment.

  25. Click Continue.

  26. Select Server.

  27. Click Continue.

  28. Select QIBM_HTTP_SERVER_ADMIN application name.

  29. Click Update Certificate Assignment.

  30. Select the appropriate certificate.

  31. Click Assign New Certificate to assign the certificate to the application name selected in the previous step.

  32. Restart the ADMIN server.

  33. Restart your Web browser.

To use the ADMIN server, type http://[iSeries_hostname]:2001 for a non-secure connection or https://[iSeries_hostname]:2010 for a secure connection.

If you have trouble getting the secure connection working, check the ADMIN error log file located in the (\QIBM\UserData\HTTPA\admin\logs\ directory for information.

 

Parent topic:

Security tasks