Troubleshooting
Problem
IBM i does not have it's HTTP ADMIN server TLS enabled by default. It needs to be configured by a user on the system. This can be done using the Configure TLS for HTTP server wizard. This wizard can also be used for other HTTP servers.
Environment
IBM i 7.3 and later
HTTP ADMIN Server
Resolving The Problem
You are in: IBM i Technology Updates > Navigator for i > Documentation on Functional Areas > Network > Web Administration > Configure TLS for HTTP Servers
TLS Wizard
The ADMIN HTTP server can be configured to use TLS using these steps in Navigator. The Navigator wizard is now available through the HTTP group update approved in 2025.
Make sure you are running with the latest HTTP group PTF levels. The following is a link to the preventative service planning page that shows the current levels:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021657#1
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021657#1
What is the impact of HTTP Admin
- Legacy web applications on IBM i are accessed through the ADMIN server
- Web Admin GUI is the most commonly used application that leverages ADMIN
You can enable HTTPS by using the Digital Certificate Manager *SYSTEM store.
- Before you launch TLS Wizard:
The *SYSTEM certificate store is required to contain a valid certificate. DCM is the recommended tool for setting up and configuring this certificate store. Launch to DCM is available in Navigator at Bookmarks > DCM
-
-
-
Launch TLS Wizard1. Click Network > Web Administration > HTTP Servers
2. Select ADMIN on the HTTP Servers table, right-click and select Configure TLS Wizard
3. On the Configure Ports step, determine if the non-TLS port should be disabled. (On servers other than ADMIN, the port can also be specified)
4. On the Specify *SYSTEM Store password step, enter the password for the current node's *SYSTEM store.
5. On the Specify Digital Certificate for TLS step, in the dropdown the applicable certificates from the *SYSTEM store will be shown. This step also validates the if the Subject Alternative Name field of the selected certificate is valid for Hostname Verification.
6. On the Restart step, the user can determine if the server should be restarted upon wizard completion, or if the user would prefer to restart the server manually afterwards.
7. On the Summary step, the selections made in the wizard can be reviewed.
Clicking Finish on the Summary step will complete the wizard and have the TLS Configuration for the server set.
Once the server has been restarted, user can connect to Web Admin GUI with the following URL (using port specified above in configuration):https://hostname:2010/HTTPAdmin
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CH1AAM","label":"IBM Navigator for i"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
IBM Navigator for i
Software version:
All Versions
Operating system(s):
IBM i
Document number:
7231413
Modified date:
21 April 2025
UID
ibm17231413
Manage My Notification Subscriptions