ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaie_5.4.0.1/rzaieconfigssladmin.htm

105 lines
6.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="topic" />
<meta name="DC.Title" content="Set up SSL for the administration (ADMIN) server for HTTP Server" />
<meta name="abstract" content="This topic provides information about how to secure your administration server configuration with Secure Socket Layers with the IBM Web Administration for i5/OS interface." />
<meta name="description" content="This topic provides information about how to secure your administration server configuration with Secure Socket Layers with the IBM Web Administration for i5/OS interface." />
<meta name="DC.Relation" scheme="URI" content="rzaieparsecurity.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002,2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaieconfigssladmin" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Set up SSL for the administration (ADMIN) server for HTTP Server</title>
</head>
<body id="rzaieconfigssladmin"><a name="rzaieconfigssladmin"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Set up SSL for the administration (ADMIN) server for HTTP Server</h1>
<div><p>This topic provides information about how to secure your administration
server configuration with Secure Socket Layers with the <span>IBM<sup>®</sup> Web Administration for i5/OS™ interface</span>.</p>
<div class="important"><span class="importanttitle">Important:</span> Information
for this topic supports the latest PTF levels for HTTP Server for i5/OS .
It is recommended that you install the latest PTFs to upgrade to the latest
level of the HTTP Server for i5/OS. Some of the topics documented here are
not available prior to this update. See <a href="http://www-03.ibm.com/servers/eserver/iseries/software/http/services/service.html" target="_blank">http://www.ibm.com/servers/eserver/iseries/software/http/services/service.htm</a> <img src="www.gif" alt="Link outside Information Center" /> for more information. </div>
<p>You can SSL enable the ADMIN server by doing the following: </p>
<ol><li>Make sure that you have the following product and product option
installed: <ul><li>Digital Certificate Manager Option 34 of 5722-SS1</li>
</ul>
</li>
<li>To complete this task you must supply a digital certificate. For more
information on how to obtain a digital certificate, see <a href="../rzahu/rzahurazhudigitalcertmngmnt.htm">Digital
certificate management</a>. </li>
<li>Make sure you have proper authority to the directories and file. See <a href="rzaiesetauth.htm">User profiles and required authorities for HTTP Server</a> for more information.</li>
<li>Make sure that the ADMIN server is running.</li>
<li>Click the <strong>Manage</strong> tab.</li>
<li>Click the <span class="uicontrol">All HTTP Servers</span> subtab.</li>
<li>Select <strong>ADMIN</strong> from the <strong>Server</strong> list.</li>
<li>Select <strong>Include /QIBM/UserData/HTTPA/admin/conf/admin-cust.conf</strong> from
the <strong>Server area</strong> list.</li>
<li>Expand <strong>Tools</strong>.</li>
<li>Select <strong>Edit Configuration File</strong>.<div class="note"><span class="notetitle">Note:</span> The following changes must
be made using the <strong>Edit Configuration File</strong> tool. Use of other editing
tools may result in errors.</div>
</li>
<li>Enter the following information into the configuration file or remove
the "#" symbol to uncomment these lines: <pre>LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen 2001
Listen 2010
SetEnv HTTPS_PORT 2010
&lt;VirtualHost *:2010&gt;
SSLEnable
SSLAppName QIBM_HTTP_SERVER_ADMIN
&lt;/VirtualHost&gt;</pre>
</li>
<li>Click <strong>OK</strong>.</li>
<li>Select <strong>Virtual Host *:2010</strong> from the <span class="uicontrol">Server area</span> list. </li>
<li>Expand <strong>Server properties</strong>, and select <span class="uicontrol">Security</span>. </li>
<li>Click <strong>OK</strong>. </li>
<li>Click the <strong>Related Links</strong> tab.</li>
<li>Click <strong>Digital Certificate Manager</strong>.</li>
<li>Click <strong>Select a Certificate Store</strong>.</li>
<li>Select <strong>*SYSTEM</strong>.</li>
<li>Click <strong>Continue</strong>.</li>
<li>Enter a password in the <strong>Certificate store password </strong>field.</li>
<li>Click <strong>Continue</strong>.</li>
<li>Click <strong>Manage Applications</strong>. </li>
<li>Select <strong>Update certificate assignment</strong>.</li>
<li>Click <strong>Continue</strong>.</li>
<li>Select <strong>Server</strong>.</li>
<li>Click <strong>Continue</strong>.</li>
<li>Select <strong>QIBM_HTTP_SERVER_ADMIN</strong> application name.</li>
<li>Click <strong>Update Certificate Assignment</strong>.</li>
<li>Select the appropriate certificate.</li>
<li>Click <strong>Assign New Certificate</strong> to assign the certificate to the application
name selected in the previous step. </li>
<li>Restart the ADMIN server. </li>
<li>Restart your Web browser. </li>
</ol>
<p>To use the ADMIN server, type <strong>http://[iSeries_hostname]:2001</strong> for
a non-secure connection or <strong>https://[iSeries_hostname]:2010</strong> for a secure
connection.</p>
<div class="note"><span class="notetitle">Note:</span> If you have trouble getting the secure connection working, check the
ADMIN error log file located in the (<tt><strong>\QIBM\UserData\HTTPA\admin\logs\</strong></tt> directory
for information.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaieparsecurity.htm" title="This topic provides step-by-step tasks for security.">Security tasks</a></div>
</div>
</div>
</body>
</html>