Using X.509 certificates from a key database to configure ITOMweb to support SSL or TLS

Configure SSL or TLS to enable secure communication between web browsers and the ITOMweb virtual host on the IBM® HTTP Server (powered by Apache) using the X.509 certificates that are stored in a key database.

The following examples describe the basic steps and required configuration directives. Configure other SSL directives as specified by your organization policies.
  1. Uncomment the LoadModule ibm_ssl_module modules/ configuration directive in the httpd.con file.
  2. In the omweb.vhost.conf file, add the following lines immediately after the ServerName configuration directive:
    1. SSLEnable
    2. KeyFile /directory-tree/xxxKeys.kdb
    3. SSLClientAuth Optional
    4. SSLServerCert Host Server Cert Label
  3. Immediately after the configuration directive that ends the virtual host definition (</VirtualHost>), add the following configuration directive:
    1. SSLDisable
    The key database must contain the server certificate including its private key and all the certificates in the certificate chain all the way back to the Root CA certificate.