This document shows how to enable an Apache HTTP server to use SSL on port 443 and non-SSL on port 80.
Resolving The Problem
To enable port 443 to use SSL while port 80 is non-SSL, do the following (to have a potentially associated WebSphere Application Server accept port 443 read Rochester Support Center document N1013078, How to Enable Websphere Application Server to Accept SSL Connections from HTTP: ).
Step 1: In the HTTP Admin in the IBM Web Administration for i5/OS, go to your instance. The one in the following example is called MWSSL. After connecting the browser to port 2001 and logging on, select the HTTP servers tab, and then select the Server in question in the pull-down.
Step 2: In the left pane, go to Server Properties > General Server Configuration.
Step 3: In the right pane, click the Add button under Server and IP addresses and ports to listen on. Then add port 443 under port 80. Leave the FRCA column disabled because FRCA does not work with SSL.
Step 4: Click Continue.
Step 5: Click Apply.
Step 6: The next steps will create the Virtual Host for port 443 so that port 443 will be SSL-enabled and leave port 80 as non-SSL. In the left pane, go to Server Properties > Virtual Hosts.
Step 7: Click on the IP-based tab.
Step 8: Click on the Add button in the right pane under Virtual host containers. In the drop-down box under IP address or Hostname, click All IP addresses; this creates an asterisk (*) in the left box. For the Port, type 443 for the SSL port.
Step 9: Click Continue.
Step 10: Click Apply.
Step 11: The next steps will enable the Virtual Host container to be SSL-enabled. In the upper right of the browser in the Server Area box, click the drop-down arrow and select Virtual Host *:443.
Step 12: In the left pane, click Security; in the right pane, click the SSL with Certificate Authentication tab.
Step 13: In the right pane, select Enabled for the SSL drop-down.
Step 14: Next to Server certificate application name, click the drop-down arrow and select the appropriate name. By default, it is QIBM_HTTP_SERVER_"Instance Name"; for this example, it is QIBM_HTTP_SERVER_MWSSL.
Step 15: Slide down in this same screen to the HTTPS_PORT environment variable and type 443 for your SSL port.
Step 16: Click Apply.
Step 17: Go to Digital Certificate Manager (http://systemname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0) and sign on the *SYSTEM Store.
Step 18: Click Work with server applications under Fast Path on the left menu. You will see your application ID; it is the same name as your SSLAppName from the HTTP configuration. In this sample it is QIBM_HTTP_SERVER_MWSSL.
Step 19: Select the button beside your Application, and then click the Work With Application button.
Step 20: Click the Update Certificate Assignment button.
Step 21: Select the certificate that you want to assign to the application.
Step 22: Click the Assign New Certificate button.
Step 23: Go back into IBM Web Administration for i5/OS and end and restart the instance.
Note: The internet Web links referred to below are not actual links; they are only examples shown in the screen above.
Step 24: After the instance is active, you can access port 80 using non-SSL. In this sample, the URL is http://rchask60/. Then you can also access port 443; by default, you do not need to specify port 443 because it is the well-known port for HTTP SSL: https://rchask60/.
If you use a port other than 443 for SSL, then you must specify it in the browser. For example, if you use port 449, then specify https://rchask60:449/.
Internal Use Only
HTTP SERVER FOR I5/OS (5761DG100)
17 June 2018