Securing IBM HTTP Server

This section lists topic overviews for securing IBM® HTTP Server.

• Configure SSL between the IBM HTTP Server Administration Server and the deployment manager
• Securing with SSL communications.
  For secure communication, you can set up the Secure Sockets Layer (SSL) directives in the default httpd.conf configuration file.
• Setting advanced SSL options.
  More advanced SSL options to secure your IBM HTTP Server are also available. Advanced SSL options include: setting the level and type of client authentication, setting cipher specifications, defining SSL for multiple-IP virtual hosts, and configuring reverse proxy setup with SSL.
• Managing keys with the IKEYMAN graphical interface (Distributed systems).
  You can set up the Key Management utility (IKEYMAN) with IBM HTTP Server to create key databases, public and private key pairs and certificate requests. Use the IKEYMAN graphical user interface rather than using the command line interface.
• Managing keys from the command line (Distributed systems).
  You can use IKEYCMD, which is the Java™ command line interface to IKEYMAN. Use the command line only if you are unable to use the graphical user interface.
• Managing keys with the native key database gskkyman (z/OS systems)
  You can use the native z/OS key management (gskkyman key database) with IBM HTTP Server to create key databases, public and private key pairs and certificate requests.
• Getting started with the cryptographic hardware for SSL (Distributed systems).
  You can use cryptographic hardware for SSL. The IBM 4758 requires the PKCS11 software for the host machine and internal firmware.
• Authenticating with LDAP on IBM HTTP Server using mod_ldap
  You can configure LDAP to protect files on IBM HTTP Server.
• Authenticating with SAF on IBM HTTP Server (z/OS systems).
  You can provide IBM HTTP Server with user authentication using the System Authorization Facility security product.