Obtaining certificates
This section provides information to help you get started with secure connections on the Web server. Obtaining certificates is the first step in securing your Web server.
About this task
When you set up secure connections, associate your public key with a digitally-signed certificate from a certificate authority (CA) that is designated as a trusted CA on your server.Procedure
- Buy a certificate from an external certificate authority provider. You
can buy a signed certificate by submitting a certificate request to a CA provider. The IBM HTTP Server supports
several external certificate authorities. By default, many CAs exist as trusted CAs on the IBM HTTP Server. See List of trusted certificate authorities on the IBM HTTP Server.Use the key management utility to create a new key pair and
certificate request to send to an external CA, then define SSL settings in the
httpd.conf file.
- IKEYMAN graphical user interface. If you are unable to use the IKEYMAN interface, use the command line interface gskcmd command.
- Native z/OSĀ® key management (gskkyman key database).
- Create a self-signed certificate. Use the key management utility or purchase certificate authority software from a CA provider.
Related concepts
- List of trusted certificate authorities on the IBM HTTP Server
- Secure Sockets Layer environment variables
Related tasks
- Manage keys with the IKEYMAN graphical interface (Distributed systems)
- Manage keys from the command line (Distributed systems)
- Manage keys with the native key database gskkyman (z/OS systems)