Configure client authentication for human resources Web server

You must configure the general authentication settings for the HTTP Server when you specify that the HTTP Server require certificates for authentication. You configure these settings in the same security form that you used to configure the server to use Secure Sockets Layer (SSL).

To configure the server to require certificates for client authentication, follow these steps:

  1. Start the HTTP Server Administration interface.
  2. Using your browser, go to the i5/OS™ Tasks page on your system at http://your_system_name:2001.
  3. Select IBM® Web Administration for i5/OS.
  4. To work with a specific HTTP server, select these page tabs Manage > All Servers > All HTTP Servers to view a list of all configured HTTP servers.
  5. Select the appropriate server from the list and click Manage Details.
  6. In the navigation frame, select Security.
  7. Select the Authentication tab in the form.
  8. Select Use i5/OS profile of client.
  9. In the Authentication name or realm field, specify a name for the authorization realm.
  10. Select Enabled for the Process requests using client's authority field and click Apply.
  11. Select the Control Access tab in the form.
  12. Select All authenticated users (valid user name and password) and click Apply.
  13. Select the SSL with Certificate Authentication tab in the form.
  14. Ensure that Enabled is the selected value in the SSL field.
  15. In the Server certificate application name field, ensure that the correct value is specified, for example, QIBM_HTTP_SERVER_MYCOTEST.
  16. Select Accept client certificate if available before making connection. Click OK.

You can learn more about the overall configuration needed for your HTTP Server when using SSL in the HTTP Server for iSeries™ Information topic, especially in an example called Scenario: JKL enables Secure Sockets Layer (SSL) protection on their HTTP Server (powered by Apache). This scenario provides all the task steps for creating a virtual host and configuring it to use SSL.

When you complete the client authentication configuration, you can restart the HTTP server in SSL mode and begin protecting the privacy of the data of the human resources application.

Parent topic: Scenario: Use certificates for internal authentication
Previous topic: Create and operate a Local CA
Next topic: Start the human resources Web server in SSL mode