Configuring SSL for the IBM HTTP server

To configure the use of SSL, you must specify SSL directives (properties) in the httpd.conf file in the IBM® HTTP Server. By default, SSL is set to off in the IBM HTTP Server.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

See the configuration information in the "Securing with SSL Communications" topic in the "Securing IBM HTTP Server" section at http://www.ibm.com/support/knowledgecenter/SSAW57/mapfiles/product_welcome_wasnd.html.

For enhanced security, do not use RC4 ciphers. Use the strongest cipher suites that the browser and web server support. To set specific ciphers, see the "Setting advanced SSL options" section at http://www.ibm.com/support/knowledgecenter/SSAW57/mapfiles/product_welcome_wasnd.html.

About this task

To enable SSL on the IBM HTTP Server, use the configuration information to complete these steps:

Procedure

  1. Use the IBM HTTP Server iKeyman utility graphical user interface or command line to create a CMS key database file and self-signed server certificate.
  2. Enable SSL directives in the httpd.conf configuration file for the IBM HTTP Server.
    1. Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so configuration directive.
    2. Create an SSL virtual host stanza in the httpd.conf file by using the following examples and directives: 
      LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<IfModule mod_ibm_ssl.c>
  Listen 443
  <VirtualHost *:443>
    SSLEnable
  </VirtualHost>
</IfModule>
SSLDisable	  
KeyFile "c:/Program Files/IBM HTTP Server/key.kdb"
      Note: On Windows platforms:
      • The load module name is LoadModule ibm_ssl_module modules/mod_ibm_ssl.dll.
      • Always specify the address with the port on the Listen directive. To add the Listen directive in httpd.conf by using the default address 0.0.0.0 to listen on IPv4 port 443, type Listen 0.0.0.0:443.
  3. Stop and start the IBM HTTP Server.
  4. Test the configuration with a browser in an HTTPS session to the IBM HTTP Server (https://ihs_host).