[AIX HP-UX Linux Solaris Windows]This topic applies only on the z/OS operating system.

Securing with SSL communications

This section provides information to help you set up Secure Sockets Layer (SSL), using the default httpd.conf configuration file.

Procedure

  1. [AIX Solaris HP-UX Linux Windows] Use the IBM® HTTP Server IKEYMAN utility (graphical user interface) or IKEYMAN utility (command line) to create a CMS key database file and self-signed server certificate.
  2. [z/OS] IBM HTTP Server uses the z/OS® gskkyman tool for key management to create a CMS key database file, public and private key pairs, and self-signed certificates. Or, you can create a SAF keyring in place of a CMS key database file.
  3. Enable SSL directives in the IBM HTTP Server httpd.conf configuration file.
    1. Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so configuration directive.
    2. Create an SSL virtual host stanza in the httpd.conf file using the following examples and directives.
      LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
      <IfModule mod_ibm_ssl.c>
        Listen 443
        <VirtualHost *:443>
          SSLEnable
        </VirtualHost>
      </IfModule>
      SSLDisable	  
      KeyFile "c:/Program Files/IBM HTTP Server/key.kdb"

      This second example assumes that you are enabling a single Web site to use SSL, and the server name is different from the server name that is defined in the global scope for non-SSL (port 80). Both host names must be registered in a domain name server (DNS) to a separate IP address, and you must configure both IP addresses on local network interface cards.

      Listen 80
      ServerName www.mycompany.com
      
      <Directory "c:/Program Files/IBM HTTP Server/htdocs">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      <Directory>
      
      DocumentRoot "c:/program files/ibm http server/htdocs"
      DirectoryIndex index.html
      
      <VirtualHost 192.168.1.103:80>
      ServerName www.mycompany2.com
      <Directory "c:/Program Files/IBM HTTP Server/htdocs2">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs2"
      DirectoryIndex index2.html
      </VirtualHost>
      
      Listen 443
      <VirtualHost 192.168.1.103:443>
      ServerName www.mycompany2.com
      SSLEnable
      SSLClientAuth None
      <Directory "c:/Program Files/IBM HTTP Server/htdocs2">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs2"
      DirectoryIndex index2.html
      </VirtualHost>
      
      SSLDisable
      KeyFile "c:/program files/ibm http server/key.kdb"
      SSLV2Timeout 100
      SSLV3Timeout 1000
      This third example assumes that you are enabling multiple Web sites to use SSL. All host names must be registered in the domain name server (DNS) to a separate IP address. Also, you must configure all of the IP addresses on a local network interface card. Use the SSLServerCert directive to identify which personal server certificate in the key database file passes to the client browser during the SSL handshake for each Web site. If you have not defined the SSLServerCert directive, IBM HTTP Server passes the certificate in the key database file that is marked (*) as the "default key".
      Listen 80
      ServerName www.mycompany.com
      
      <Directory "c:/Program Files/IBM HTTP Server/htdocs">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      
      DocumentRoot "c:/program files/ibm http server/htdocs"
      DirectoryIndex index.html
      
      <VirtualHost 192.168.1.103:80>
      ServerName www.mycompany2.com
      <Directory "c:/Program Files/IBM HTTP Server/htdocs2">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs2"
      DirectoryIndex index2.html
      </VirtualHost>
      
      <VirtualHost 192.168.1.104:80>
      ServerName www.mycompany3.com
      <Directory "c:/Program Files/IBM HTTP Server/htdocs3">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs3"
      DirectoryIndex index3.html
      </VirtualHost>
      
      Listen 443
      <VirtualHost 192.168.1.102:443>
      ServerName www.mycompany.com
      SSLEnable
      SSLClientAuth None
      SSLServerCert mycompany
      <Directory "c:/Program Files/IBM HTTP Server/htdocs">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs"
      DirectoryIndex index.html
      </VirtualHost>
      
      <VirtualHost 192.168.1.103:443>
      ServerName www.mycompany2.com
      SSLEnable
      SSLClientAuth None
      SSLServerCert mycompany2
      <Directory "c:/Program Files/IBM HTTP Server/htdocs2">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs2"
      DirectoryIndex index2.html
      </VirtualHost>
      
      <VirtualHost 192.168.1.104:443>
      ServerName www.mycompany3.com
      SSLEnable
      SSLClientAuth None
      SSLServerCert mycompany3
      <Directory "c:/Program Files/IBM HTTP Server/htdocs3">
      Options Indexes
      AllowOverride None
      order allow,deny
      allow from all
      </Directory>
      DocumentRoot "c:/program files/ibm http server/htdocs3"
      DirectoryIndex index3.html
      </VirtualHost>
      
      SSLDisable
      KeyFile "c:/program files/ibm http server/key.kdb"
      SSLV2Timeout 100
      SSLV3Timeout 1000



Subtopics
Secure Sockets Layer (SSL) protocol
SSL directive considerations
Authentication
Encryption
Secure Sockets Layer environment variables
SSL directives
Related information
Guide to properly setting up SSL within the IBM HTTP Server
Task topic    

Terms of Use | Feedback

Last updated: Oct 21, 2010 11:50:03 AM CDT
File name: tihs_setupssl.html