This section provides information to help you get started with
secure connections on the Web server. Obtaining certificates is the first
step in securing your Web server.
About this task
When you set up secure connections, associate your public key with
a digitally-signed certificate from a certificate authority (CA) that is designated
as a trusted CA on your server.
Procedure
- Buy a certificate from an external certificate authority provider.
You can buy a signed certificate by submitting a certificate request
to a CA provider. The IBM® HTTP Server supports several external certificate
authorities. By default, many CAs exist as trusted CAs on the IBM HTTP Server.
See List of trusted certificate authorities on the IBM HTTP Server.
Use the key management utility
to create a new key pair and certificate request to send to an external CA,
then define SSL settings in the
httpd.conf file.
IKEYMAN graphical user interface. If you are unable to
use the IKEYMAN interface, use the command line interface gsk7cmd command.
Native z/OS® key management (gskkyman key database).
- Create a self-signed certificate. Use the key
management utility or purchase certificate authority software from a CA provider.