Getting Started Quickly IBM HTTP Server documentation

Getting started quickly with secure connections

This section provides information to help you get started with secure connections. This information includes how to obtain certificates, create self-signed certificates and set up the Secure Sockets Layer (SSL). Links to related topics appear at the end of this section.

Obtaining certificates

When you set up secure connections, associate your public key with a digitally signed certificate from a certificate authority (CA) that is designated as a trusted CA on your server.

You can obtain a certificate in two ways:

  • Buy a certificate from an external CA provider
  • Create a self-signed certificate

Buying a certificate from an external certificate authority provider

You can buy a signed certificate by submitting a certificate request to a CA provider. The IBM HTTP Server supports several external certificate authorities. By default, many CAs exist as trusted CAs on the IBM HTTP Server. See Listing trusted CAs on the IBM HTTP Server for a list.

Use IKEYMAN to create a new key pair and certificate request to send to an external CA. Then define SSL settings in the Security folder in the Administration Server.

Creating a self-signed certificate

To create a self-signed certificate, you can use your key management utility (IKEYMAN), or you can purchase certificate authority software from a CA provider.

Setting up Secure Sockets Layer using the default configuration file

To set up Secure Sockets Layer (SSL) using the default configuration file (<install_root>/conf/httpd.conf):

  1. Specify the SSLEnable directive in the configuration file, to enable SSL.
  2. Specify a Keyfile directive and any SSL directives you want to enable.
  3. If you run the IBM HTTP Server on the Linux for PowerPC (PPC) operating system, you need to add the Listen 0.0.0.0:443 directive to the configuration file to enable SSL. If you do not specify this directive, you will receive a PEER_ID_NOT_SET error in the error log when you try to connect to the server.
  4. Restart the server.

Starting a secure virtual host

To start a secure virtual host:

  1. Specify the SSLEnable directive in the virtual host stanza in the configuration file, to enable SSL for a virtual host.
  2. Specify a Keyfile directive and any SSL directives you want to enable for that particular virtual host. You can specify any directive, with the exception of the cache directives, inside a virtual host.
  3. Restart the server.
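
Both procedures above can be checked before the restart. The following Python sketch is an added example, not part of the IBM HTTP Server documentation: it reads the text of a configuration file and reports any scope that specifies SSLEnable without a Keyfile and, for Linux PPC, a missing Listen 0.0.0.0:443 directive. The sample configuration, paths and addresses are constructed, and the sketch assumes that a Keyfile in the main server scope is inherited by virtual hosts.

```python
import re

# Constructed sample: the second virtual host enables SSL but names no key file.
SAMPLE_CONF = """\
Listen 0.0.0.0:443
<VirtualHost 192.0.2.10:443>
    SSLEnable
    Keyfile /opt/ihs-example/keys/site-a.kdb
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    SSLEnable
</VirtualHost>
"""

def parse_scopes(conf_text):
    """Map each scope ('main' or a virtual host stanza) to its (directive, args) list."""
    scopes, current = {"main": []}, "main"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>$", line, re.I)
        if opened:
            current = "VirtualHost " + opened.group(1).strip()
            scopes[current] = []
        elif re.match(r"</VirtualHost>$", line, re.I):
            current = "main"
        else:
            parts = line.split(None, 1)  # directive names are case-insensitive
            scopes[current].append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return scopes

def check_ssl(conf_text, linux_ppc=False):
    """Report scopes that enable SSL without the directives the steps above call for."""
    scopes = parse_scopes(conf_text)
    main_keyfile = dict(scopes["main"]).get("keyfile")
    problems = []
    for scope, directives in scopes.items():
        found = dict(directives)
        # Assumption: a Keyfile in the main server scope is inherited by virtual hosts.
        if "sslenable" in found and not (found.get("keyfile") or main_keyfile):
            problems.append(f"{scope}: SSLEnable without a Keyfile")
    ssl_on = any("sslenable" in dict(d) for d in scopes.values())
    if linux_ppc and ssl_on and ("listen", "0.0.0.0:443") not in scopes["main"]:
        problems.append("main: Listen 0.0.0.0:443 missing (PEER_ID_NOT_SET on Linux PPC)")
    return problems

if __name__ == "__main__":
    print(check_ssl(SAMPLE_CONF, linux_ppc=True))
```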
 
Finding related information
