Using X.509 certificates from a key database to configure ITOMweb to support SSL or TLS

Configure SSL or TLS to enable secure communication between web browsers and the ITOMweb virtual host on the IBM® HTTP Server (powered by Apache) using the X.509 certificates that are stored in a key database.

The following examples describe the basic steps and required configuration directives. Configure other SSL directives as specified by your organization policies.

Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so configuration directive in the httpd.con file.
In the omweb.vhost.conf file, add the following lines immediately after the ServerName configuration directive:
1. SSLEnable
2. KeyFile /directory-tree/xxxKeys.kdb
3. SSLClientAuth Optional
4. SSLServerCert Host Server Cert Label
Immediately after the configuration directive that ends the virtual host definition (</VirtualHost>), add the following configuration directive:
1. SSLDisable
The key database must contain the server certificate including its private key and all the certificates in the certificate chain all the way back to the Root CA certificate.

<VirtualHost *:8392>
  ServerAdmin admin@domain.com
  DocumentRoot /itom/om
  ServerName RS13:8392
  SSLEnable
  KeyFile itomweb.kdb
  SSLStashFile itomweb.sth
  SSLClientAuth None
  SSLServerCert "RS13"