By default, the IBM HTTP Server software component is not enabled to handle requests
using the HTTPS protocol. Use this procedure to enable IBM HTTP Server to handle the HTTPS
protocol.
Before you begin
The following procedure assumes that you will be using the default key database
/opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb and a self-signed certificate
labeled LoadBalancer. If you use a different key database and a certificate from a
CA, you must make the appropriate changes in the /opt/IBM/WebSphere/HTTPServer/conf/httpd.conf
file.
Procedure
- SSH into the virtual machine in the load balancer pattern instance that is running the IBM HTTP
Server.
- Uncomment the following lines in /opt/IBM/WebSphere/HTTPServer/conf/httpd.conf:
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
SSLEnable
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
KeyFile /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb
SSLDisable
- Add the SSL server certificate label SSLServerCert LoadBalancer after SSLEnable. Your
/opt/IBM/WebSphere/HTTPServer/conf/httpd.conf SSL stanza should be similar to the following:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
SSLEnable
SSLServerCert LoadBalancer
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
KeyFile /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb
SSLDisable
- Execute the following commands:
- Create the /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb:
/opt/IBM/WebSphere/HTTPServer/bin/gskcapicmd -keydb -create -db /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb -pw WebApp -stash -type pkcs12
- Create a self-signed certificate labeled LoadBalancer. Change
<FQDN_OF_HTTP_SERVER> to the actual host name (for example,
ipas-pvm-112-068.purescale.raleigh.ibm.com):
/opt/IBM/WebSphere/HTTPServer/bin/gskcapicmd -cert -create -db /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb -type kdb -label LoadBalancer -pw WebApp -dn "CN=<FQDN_OF_HTTP_SERVER>,OU=Root Certificate,OU=CloudBurstCell_1,OU=CloudBurstNode_5,O=IBM,C=US"
- Use the following commands to restart the IBM HTTP Server:
/opt/IBM/WebSphere/HTTPServer/bin/apachectl -k stop
/opt/IBM/WebSphere/HTTPServer/bin/apachectl -k start
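
A check for the edited httpd.conf, as an added example that is not part of the original IBM procedure: the shell function below (check_ssl_stanza and sample_conf are hypothetical helper names) reports any directive from the SSL stanza above that is still commented out or misplaced. It inspects only the configuration text and assumes the directives are written as shown on this page; it does not open the key database or verify the certificate.

```shell
#!/bin/sh
# Added example: confirm the HTTPS stanza from this procedure is active
# (uncommented) in httpd.conf. check_ssl_stanza and sample_conf are
# hypothetical helper names, not IBM tools.
check_ssl_stanza() {   # usage: check_ssl_stanza [httpd.conf]  (stdin if omitted)
  awk '
    /^[ \t]*#/ { next }                        # commented-out directives do not count
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^<VirtualHost[ \t]+\*:443>/ { invh = 1; next }
    /^<\/VirtualHost>/           { invh = 0; next }
    /^LoadModule[ \t]+ibm_ssl_module[ \t]/ { mod = 1 }
    /^Listen[ \t]+443$/          { listen = 1 }
    /^KeyFile[ \t]+[^ \t]/       { keyfile = 1 }
    /^SSLDisable$/ && !invh      { disable = 1 }   # global default, outside the vhost
    /^SSLEnable$/ && invh        { enable = 1 }
    /^SSLServerCert[ \t]+[^ \t]/ && invh && enable { cert = 1 }  # must follow SSLEnable
    /^Header[ \t]+always[ \t]+set[ \t]+Strict-Transport-Security[ \t]/ && invh { hsts = 1 }
    END {
      if (!mod)     miss = miss " LoadModule"
      if (!listen)  miss = miss " Listen"
      if (!enable)  miss = miss " SSLEnable"
      if (!cert)    miss = miss " SSLServerCert"
      if (!hsts)    miss = miss " Strict-Transport-Security"
      if (!keyfile) miss = miss " KeyFile"
      if (!disable) miss = miss " SSLDisable"
      if (miss != "") { print "missing or misplaced:" miss; exit 1 }
      print "HTTPS stanza complete"
    }
  ' "$@"
}

# Constructed sample: the stanza shown in the procedure.
sample_conf() {
  cat <<'EOF'
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLCheckCertificateExpiration 30
<VirtualHost *:443>
SSLEnable
SSLServerCert LoadBalancer
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
KeyFile /opt/IBM/WebSphere/HTTPServer/conf/ihsserverkey.kdb
SSLDisable
EOF
}

sample_conf | check_ssl_stanza                                        # complete stanza
sample_conf | sed 's/^SSLServerCert/#&/' | check_ssl_stanza || true   # certificate label step skipped
```

To check the live file before restarting, call check_ssl_stanza /opt/IBM/WebSphere/HTTPServer/conf/httpd.conf.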