ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/secssl.htm

61 lines
3.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configuring IBM HTTP Server for i5/OS for SSL client authentication</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h4><a name="secssl"></a>Configuring IBM HTTP Server for i5/OS for SSL client authentication</h4>
<p>Use the Configuration and Administration forms of the IBM HTTP Server for i5/OS to configure your IBM HTTP Server for secure sockets layer (SSL) client authentication. For more information, including prerequisites for SSL security, see these topics in the iSeries Information Center:</p>
<ul>
<li><a href="../../../icbase/rzain/v5r2rzainoverview.htm" target="_blank">V5R2 Secure Sockets Layer (SSL)</a></li>
<li><a href="../../../icbase/rzain/v5r3rzainoverview.htm" target="_blank">V5R3 Secure Sockets Layer (SSL)</a></li>
<li><a href="../../../rzain/rzainoverview.htm">V5R4 Secure Sockets Layer (SSL)</a></li>
</ul>
<p>Use the IBM HTTP Server for i5/OS configuration and administration forms to create a virtual host and configure the port for SSL:</p>
<ol>
<li>In the <strong>Server</strong> field, select your HTTP server instance.</li>
<li>In the left pane, click <strong>General Server Configuration</strong>.</li>
<li>In the right pane, click the <strong>General Settings</strong> tab.</li>
<li>Under <strong>Server IP addresses and ports to listen on</strong>, click <strong>Add</strong>. Specify values for these fields:
<ul>
<li><strong>IP address</strong>: Type <tt>*</tt> or select <tt>All IP addresses</tt> from the menu.</li>
<li><strong>Port</strong>: Enter the port number you want to protect with SSL.</li>
<li><strong>FRCA</strong>: If this field is present, set it to <tt>Disabled</tt>.</li>
</ul></li>
<li>Click <strong>OK</strong>.</li>
<li>In the right pane, select <strong>Global Configuration</strong> in the <strong>Server area</strong>.</li>
<li>In the left pane, click <strong>Container Management</strong>.</li>
<li>In the right pane, select the <strong>Virtual Hosts</strong> tab.</li>
<li>Click <strong>Add</strong>.</li>
<li>For the <strong>IP address or host name</strong> field, select <strong>All IP addresses</strong>.</li>
<li>For the <strong>Port</strong> field, enter the port number you wish to protect with SSL.</li>
<li>Click <strong>OK</strong>.</li>
<li>Select your new virtual host in the <strong>Server area</strong>.</li>
<li>In the left pane, click <strong>Security</strong>.</li>
<li>In the right pane, select <strong>Enable SSL</strong>.</li>
<li>For the <strong>Server certificate application name</strong> field, select the automatically generated Application ID (QIBM_HTTP_SERVER_LDH for example).</li>
<li>Select <strong>Require client certificate for connection</strong>.</li>
<li>Click <strong>OK</strong>.</li>
</ol>
<p>To complete this task you need the Application ID you selected above to install a server certificate for your Web server. Use the IBM Digital Certificate Manager (DCM) to install certificates on your Web server and Web
browsers. See these topics in the iSeries Information Center:</p>
<ul>
<li><a href="../../../icbase/rzahu/v5r2rzahurazhudigitalcertmngmnt.htm" target="_blank">V5R2 Digital Certificate Manager</a></li>
<li><a href="../../../icbase/rzahu/v5r3rzahurazhudigitalcertmngmnt.htm" target="_blank">V5R3 Digital Certificate Manager</a></li>
<li><a href="../../../rzahu/rzahurazhudigitalcertmngmnt.htm">V5R4 Digital Certificate Manager</a></li>
</ul>
</body>
</html>