Configure SSL for the IBM HTTP server

To configure SSL, specify SSL directives (properties) in the httpd.conf file of the IBM HTTP Server. By default, SSL is set to off in the IBM HTTP Server.

See the configuration information in the "Securing with SSL Communications" topic in the "Securing IBM HTTP Server" section at http://www.ibm.com/support/knowledgecenter/SSAW57/mapfiles/product_welcome_wasnd.html.

For enhanced security, do not use RC4 ciphers. Use the strongest cipher suites that the browser and web server support. To set specific ciphers, see the "Setting advanced SSL options" section at http://www.ibm.com/support/knowledgecenter/SSAW57/mapfiles/product_welcome_wasnd.html.

To enable SSL on the IBM HTTP Server, use the configuration information to complete these steps.

  1. Use the IBM HTTP Server iKeyman utility graphical user interface or command line to create a CMS key database file and self-signed server certificate.
  2. Enable SSL directives in the httpd.conf configuration file for the IBM HTTP Server.
    1. Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so configuration directive.

    2. Create an SSL virtual host stanza in the httpd.conf file using the following examples and directives:

          LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
          <IfModule mod_ibm_ssl.c>
            Listen 443
            <VirtualHost *:443>
              SSLEnable
            </VirtualHost>
          </IfModule>
          SSLDisable
          KeyFile "c:/Program Files/IBM HTTP Server/key.kdb"

      On Windows platforms:

      • The load module name is LoadModule ibm_ssl_module modules/mod_ibm_ssl.dll.
      • Always specify the address with the port on the Listen directive. To add the Listen directive in httpd.conf by using the default address 0.0.0.0 to listen on IPv4 port 443, type Listen 0.0.0.0:443.
  3. Stop and start the IBM HTTP Server.
  4. Test the configuration with a browser in an HTTPS session to the IBM HTTP Server (https://ihs_host).
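
Before restarting in step 3, the edits from step 2 can be checked mechanically. The following Python linter is an added example, not IBM code: it looks for an active LoadModule line, a Listen on port 443 (with an address when checking for Windows), a port 443 virtual host containing SSLEnable, and a KeyFile directive. The function name lint_ihs_ssl, the finding messages and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the stanza from step 2 as it would appear in httpd.conf.
SAMPLE = """
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
  Listen 443
  <VirtualHost *:443>
    SSLEnable
  </VirtualHost>
</IfModule>
SSLDisable
KeyFile "c:/Program Files/IBM HTTP Server/key.kdb"
"""

def lint_ihs_ssl(conf_text, windows=False):
    """Return findings for the steps above; an empty list means every check passed."""
    module = keyfile = ssl_vhost = in_vhost_443 = False
    listen_443 = []  # address part (or None) of each active Listen on port 443
    for raw in conf_text.splitlines():
        line = raw.strip().lower()  # directive names are case-insensitive
        if not line or line.startswith("#"):  # commented-out directives do not count
            continue
        if re.match(r"loadmodule\s+ibm_ssl_module\s", line):
            module = True
        elif m := re.match(r"listen\s+(?:(\S+):)?(\d+)(?:\s|$)", line):
            if m.group(2) == "443":
                listen_443.append(m.group(1))
        elif line.startswith("<virtualhost"):
            in_vhost_443 = bool(re.search(r":443\b", line))
        elif line.startswith("</virtualhost"):
            in_vhost_443 = False
        elif line == "sslenable" and in_vhost_443:
            ssl_vhost = True
        elif re.match(r"keyfile\s+\S", line):
            keyfile = True
    findings = []
    if not module:
        findings.append("LoadModule ibm_ssl_module is missing or still commented out")
    if not listen_443:
        findings.append("no Listen directive for port 443")
    elif windows and None in listen_443:
        findings.append("on Windows, give Listen an address, e.g. Listen 0.0.0.0:443")
    if not ssl_vhost:
        findings.append("no port 443 VirtualHost containing SSLEnable")
    if not keyfile:
        findings.append("KeyFile is not set")
    return findings
```

Call lint_ihs_ssl(open(path).read()) on the real httpd.conf; it reads only the text and does not confirm that the key database file exists or that the certificate is valid.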
