How to Install an SSL Certificate under WebSphere/HTTP Server
1. Navigate to the /bin directory of your IHS installation ($IHS_HOME).
2. Execute ./ikeyman to open the Key Management Tool.
3. Use "Key Database File > Open" to open your password-protected key database.
4. After the key database is loaded, switch to "Personal Certificate Requests" (under "Key database content").
5. Click New and fill out the certificate request dialog. Depending on your CA provider (RapidSSL here), you may need to fill out the dialog in a special way (VeriSign demands the common name to be the domain).
6. Click "OK" to save the certificate request in a file.
7. Now provide the content of the certificate request file to your Certificate Authority (e.g. RapidSSL). You will receive a new certificate file from them.
8. Once you have received the certificate, switch back to ikeyman -> "Personal Certificates" (under "Key database content").
9. Click Receive and navigate to the certificate file. Click OK to import the certificate file.
10. Open the httpd.conf file of your IHS and replace the SSL-Cert-Name (the name is displayed in iKeyman after the import of the new certificate).
Usually an SSL cert is defined within a virtual host.
Example:
<VirtualHost ip-address:443>
    ServerName www.test.com
    SSLEnable
    SSLClientAuth 0
    SSLServerCert ihssslcert
    AllowEncodedSlashes On
    DocumentRoot /usr/IBM/HTTPServer/www-doc-root/
</VirtualHost>
11. Restart the IHS server:
$ /opt/IBM/HTTPServer/bin/apachectl stop
$ ps -ef | grep httpd (should return NO results)
$ /opt/IBM/HTTPServer/bin/apachectl start
$ ps -ef | grep httpd (should return results like those below)
root 13608 1 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13610 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13611 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13612 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
Check the $IHS_HOME/logs/error_log file for any SSL handshake errors.
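A pre-restart check for step 10, added here as an example and not part of the original procedure or of IHS: it lists every SSL-enabled virtual host in a config and flags any whose SSLServerCert label is missing or differs from the label shown in iKeyman. The helper name check_ssl_vhosts, the sample config and the 192.0.2.x addresses are constructed for illustration.

```shell
# check_ssl_vhosts CONF LABEL  (hypothetical helper, not an IHS tool)
# For each <VirtualHost> with SSLEnable prints "<address> <label> <status>";
# status is OK, MISMATCH or MISSING. Returns 1 if any vhost is not OK.
# Assumption: the text after SSLServerCert is the label, quotes optional.
check_ssl_vhosts() {
  awk -v want="$2" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
    /^#/ || /^$/ { next }                           # skip comments, blanks
    tolower($1) == "<virtualhost" {
      invh = 1; ssl = 0; label = ""; addr = $2; sub(/>$/, "", addr); next
    }
    invh && tolower($1) == "sslenable" { ssl = 1 }
    invh && tolower($1) == "sslservercert" {
      label = $0
      if (!sub(/^[^ \t]+[ \t]+/, "", label)) label = ""   # directive, no label
      gsub(/^"|"$/, "", label)
    }
    tolower($1) == "</virtualhost>" {
      if (ssl) {
        st = (label == "") ? "MISSING" : (label == want ? "OK" : "MISMATCH")
        if (st != "OK") bad = 1
        print addr, (label == "" ? "-" : label), st
      }
      invh = 0
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the second vhost keeps an old label, the third has none.
sample_conf() {
cat <<'EOF'
<VirtualHost 192.0.2.10:443>
  SSLEnable
  SSLServerCert ihssslcert
</VirtualHost>
<VirtualHost 192.0.2.11:443>
  SSLEnable
  SSLServerCert oldcert
</VirtualHost>
<VirtualHost 192.0.2.12:443>
  SSLEnable
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName www.test.com
</VirtualHost>
EOF
}
sample_conf | check_ssl_vhosts - ihssslcert || echo "fix the labels above before restarting"
```

Against a real installation, pass the path to httpd.conf in place of `-` and the label exactly as iKeyman displays it.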