<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="task" /> <meta name="DC.Title" content="Configure client authentication for human resources Web server" /> <meta name="DC.Relation" scheme="URI" content="rzahudcmpublicaccessscen.htm" /> <meta name="DC.Relation" scheme="URI" content="rzahustep3createandoperatealocalca.htm" /> <meta name="DC.Relation" scheme="URI" content="rzahustep5startthehumanresourceswebserverinsslmode.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="rzahustep4configureclientauthenticationforhumanresourceswebserver" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. --> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Configure client authentication for human resources Web server</title> </head> <body id="rzahustep4configureclientauthenticationforhumanresourceswebserver"><a name="rzahustep4configureclientauthenticationforhumanresourceswebserver"><!-- --></a> <!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Configure client authentication for human resources Web server</h1> <div><div class="section"><p>You must configure the general authentication settings for the HTTP Server when you specify that the HTTP Server require certificates for authentication. You configure these settings in the same security form that you used to configure the server to use Secure Sockets Layer (SSL). </p> <p>To configure the server to require certificates for client authentication, follow these steps: </p> </div> <ol><li><span>Start the HTTP Server Administration interface.</span></li> <li><span>Using your browser, go to the <span class="keyword">i5/OS™</span> Tasks page on your system at http://your_system_name:2001.</span></li> <li><span>Select <strong>IBM<sup>®</sup> Web Administration for <span class="keyword">i5/OS</span></strong>. </span></li> <li><span>To work with a specific HTTP server, select these page tabs <span class="menucascade"><span class="uicontrol">Manage</span> > <span class="uicontrol">All Servers </span> > <span class="uicontrol">All HTTP Servers</span></span> to view a list of all configured HTTP servers.</span></li> <li><span>Select the appropriate server from the list and click <span class="uicontrol">Manage Details</span>.</span></li> <li><span>In the navigation frame, select <span class="uicontrol">Security</span>.</span></li> <li><span>Select the <span class="uicontrol">Authentication</span> tab in the form.</span></li> <li><span>Select <span class="uicontrol">Use i5/OS profile of client</span>.</span></li> <li><span>In the <span class="uicontrol">Authentication name or realm</span> field, specify a name for the authorization realm.</span></li> <li><span>Select <samp class="codeph">Enabled</samp> for the <span class="uicontrol">Process requests using client's authority</span> field and click <span class="uicontrol">Apply</span>.</span></li> <li><span>Select the <span class="uicontrol">Control Access</span> tab in the form.</span></li> <li><span>Select <span class="uicontrol">All authenticated users (valid user name and password)</span> and click <span class="uicontrol">Apply</span>.</span></li> <li><span>Select the <span class="uicontrol">SSL with Certificate Authentication</span> tab in the form. </span></li> <li><span>Ensure that <samp class="codeph">Enabled</samp> is the selected value in the <span class="uicontrol">SSL</span> field. </span></li> <li><span>In the <span class="uicontrol">Server certificate application name</span> field, ensure that the correct value is specified, for example, <samp class="codeph">QIBM_HTTP_SERVER_MYCOTEST</samp>. </span></li> <li><span>Select <span class="uicontrol">Accept client certificate if available before making connection</span>. Click <span class="uicontrol">OK</span>.</span></li> </ol> <div class="section"><p>You can learn more about the overall configuration needed for your HTTP Server when using SSL in the <a href="../rzaie/rzaiemain.htm">HTTP Server for iSeries™</a> Information topic, especially in an example called Scenario: JKL enables Secure Sockets Layer (SSL) protection on their HTTP Server (powered by Apache). This scenario provides all the task steps for creating a virtual host and configuring it to use SSL.</p> <p>When you complete the client authentication configuration, you can restart the HTTP server in SSL mode and begin protecting the privacy of the data of the human resources application.</p> </div> </div> <div> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzahudcmpublicaccessscen.htm" title="In this scenario, you to learn how to use certificates as an authentication mechanism to protect and restrict which resources and applications that internal users can access on your internal servers.">Scenario: Use certificates for internal authentication</a></div> <div class="previouslink"><strong>Previous topic:</strong> <a href="rzahustep3createandoperatealocalca.htm">Create and operate a Local CA</a></div> <div class="nextlink"><strong>Next topic:</strong> <a href="rzahustep5startthehumanresourceswebserverinsslmode.htm">Start the human resources Web server in SSL mode</a></div> </div> </div> </body> </html>