Securing with SSL communications
This section provides information to help you set up Secure
Sockets Layer (SSL), using the default httpd.conf configuration
file.
Setting advanced SSL options
You can enable advanced security options such as client
authentication, setting and viewing cipher specifications, defining
SSL for multiple-IP virtual hosts, and setting up a reverse proxy
configuration with SSL.
IBM HTTP Server certificate management
Before you can configure IBM HTTP
Server to accept TLS (also known as SSL) connections, you must create
a certificate for your web server. An SSL certificate authenticates
your web server's identity to clients.
Managing keys from the command line (Distributed systems)
The Java command
line interface to IKEYMAN, gskcapicmd, provides the
necessary options to create and manage keys, certificates and certificate
requests. The native utility /bin/gskcapicmd is
always preferred over /bin/gskcmd. gskcapicmd is
faster, and some features are added to gskcapicmd before gskcmd.
Authenticating with SAF on IBM HTTP Server (z/OS systems)
You can authenticate to the IBM HTTP
Server on z/OS using HTTP basic authentication or client
certificates with the System Authorization Facility (SAF) security
product. Use SAF authentication for verification of user IDs and passwords
or certificates.
Setting up HTTP Strict Transport Security (HSTS)
You can specify HTTP Strict Transport Security (HSTS) in response headers so that your
server advertises to clients that it accepts only HTTPS requests. You can redirect any non-HTTPS
requests to SSL-enabled virtual hosts.