61 lines
3.6 KiB
HTML
61 lines
3.6 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>Configuring IBM HTTP Server for i5/OS for SSL client authentication</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h4><a name="secssl"></a>Configuring IBM HTTP Server for i5/OS for SSL client authentication</h4>
|
|
|
|
<p>Use the Configuration and Administration forms of the IBM HTTP Server for i5/OS to configure your IBM HTTP Server for secure sockets layer (SSL) client authentication. For more information, including prerequisites for SSL security, see these topics in the iSeries Information Center:</p>
|
|
<ul>
|
|
<li><a href="../../../icbase/rzain/v5r2rzainoverview.htm" target="_blank">V5R2 Secure Sockets Layer (SSL)</a></li>
|
|
<li><a href="../../../icbase/rzain/v5r3rzainoverview.htm" target="_blank">V5R3 Secure Sockets Layer (SSL)</a></li>
|
|
<li><a href="../../../rzain/rzainoverview.htm">V5R4 Secure Sockets Layer (SSL)</a></li>
|
|
</ul>
|
|
|
|
<p>Use the IBM HTTP Server for i5/OS configuration and administration forms to create a virtual host and configure the port for SSL:</p>
|
|
<ol>
|
|
<li>In the <strong>Server</strong> field, select your HTTP server instance.</li>
|
|
<li>In the left pane, click <strong>General Server Configuration</strong>.</li>
|
|
<li>In the right pane, click the <strong>General Settings</strong> tab.</li>
|
|
<li>Under <strong>Server IP addresses and ports to listen on</strong>, click <strong>Add</strong>. Specify values for these fields:
|
|
<ul>
|
|
<li><strong>IP address</strong>: Type <tt>*</tt> or select <tt>All IP addresses</tt> from the menu.</li>
|
|
<li><strong>Port</strong>: Enter the port number you want to protect with SSL.</li>
|
|
<li><strong>FRCA</strong>: If this field is present, set it to <tt>Disabled</tt>.</li>
|
|
</ul></li>
|
|
<li>Click <strong>OK</strong>.</li>
|
|
<li>In the right pane, select <strong>Global Configuration</strong> in the <strong>Server area</strong>.</li>
|
|
<li>In the left pane, click <strong>Container Management</strong>.</li>
|
|
<li>In the right pane, select the <strong>Virtual Hosts</strong> tab.</li>
|
|
<li>Click <strong>Add</strong>.</li>
|
|
<li>For the <strong>IP address or host name</strong> field, select <strong>All IP addresses</strong>.</li>
|
|
<li>For the <strong>Port</strong> field, enter the port number you wish to protect with SSL.</li>
|
|
<li>Click <strong>OK</strong>.</li>
|
|
<li>Select your new virtual host in the <strong>Server area</strong>.</li>
|
|
<li>In the left pane, click <strong>Security</strong>.</li>
|
|
<li>In the right pane, select <strong>Enable SSL</strong>.</li>
|
|
<li>For the <strong>Server certificate application name</strong> field, select the automatically generated Application ID (QIBM_HTTP_SERVER_LDH for example).</li>
|
|
<li>Select <strong>Require client certificate for connection</strong>.</li>
|
|
<li>Click <strong>OK</strong>.</li>
|
|
</ol>
|
|
|
|
<p>To complete this task you need the Application ID you selected above to install a server certificate for your Web server. Use the IBM Digital Certificate Manager (DCM) to install certificates on your Web server and Web
|
|
browsers. See these topics in the iSeries Information Center:</p>
|
|
<ul>
|
|
<li><a href="../../../icbase/rzahu/v5r2rzahurazhudigitalcertmngmnt.htm" target="_blank">V5R2 Digital Certificate Manager</a></li>
|
|
<li><a href="../../../icbase/rzahu/v5r3rzahurazhudigitalcertmngmnt.htm" target="_blank">V5R3 Digital Certificate Manager</a></li>
|
|
<li><a href="../../../rzahu/rzahurazhudigitalcertmngmnt.htm">V5R4 Digital Certificate Manager</a></li>
|
|
|
|
</ul>
|
|
|
|
</body>
|
|
</html>
|