{"id":5383,"date":"2015-10-27T10:17:33","date_gmt":"2015-10-27T02:17:33","guid":{"rendered":"http:\/\/rmohan.com\/?p=5383"},"modified":"2015-10-27T10:17:33","modified_gmt":"2015-10-27T02:17:33","slug":"how-to-install-an-ssl-certificate-on-ihs-ibm-http-server","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5383","title":{"rendered":"How to install an SSL certificate on IHS (IBM HTTP Server)"},"content":{"rendered":"<p><script src=\"https:\/\/apis.google.com\/_\/scs\/apps-static\/_\/js\/k=oz.gapi.en.n0nwg5Ns4n8.O\/m=gapi_iframes_style_slide_menu\/exm=plusone,profile\/rt=j\/sv=1\/d=1\/ed=1\/am=AQ\/rs=AGLTcCM0sL1N3pOv6TdlcJPARJC2zeCz_A\/t=zcms\/cb=gapi.loaded_2\" async=\"\"><\/script><script src=\"https:\/\/apis.google.com\/_\/scs\/apps-static\/_\/js\/k=oz.gapi.en.n0nwg5Ns4n8.O\/m=profile\/exm=plusone\/rt=j\/sv=1\/d=1\/ed=1\/am=AQ\/rs=AGLTcCM0sL1N3pOv6TdlcJPARJC2zeCz_A\/t=zcms\/cb=gapi.loaded_1\" async=\"\"><\/script><script src=\"https:\/\/apis.google.com\/_\/scs\/apps-static\/_\/js\/k=oz.gapi.en.n0nwg5Ns4n8.O\/m=plusone\/rt=j\/sv=1\/d=1\/ed=1\/am=AQ\/rs=AGLTcCM0sL1N3pOv6TdlcJPARJC2zeCz_A\/t=zcms\/cb=gapi.loaded_0\" async=\"\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\n(function() { (function(){function c(a){this.t={};this.tick=function(a,c,b){var d=void 0!=b?b:(new Date).getTime();this.t[a]=[d,c];if(void 0==b)try{window.console.timeStamp(\"CSI\/\"+a)}catch(e){}};this.tick(\"start\",null,a)}var a;window.performance&#038;&#038;(a=window.performance.timing);var h=a?new c(a.responseStart):new c;window.jstiming={Timer:c,load:h};if(a){var b=a.navigationStart,e=a.responseStart;0<b&#038;&#038;e>=b&&(window.jstiming.srt=e-b)}if(a){var d=window.jstiming.load;0<b&#038;&#038;e>=b&&(d.tick(\"_wtsrt\",void 0,b),d.tick(\"wtsrt_\",\n\"_wtsrt\",e),d.tick(\"tbsd_\",\"wtsrt_\"))}try{a=null,window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),d&&0<b&#038;&#038;(d.tick(\"_tbnd\",void 0,window.chrome.csi().startE),d.tick(\"tbnd_\",\"_tbnd\",b))),null==a&#038;&#038;window.gtbExternal&#038;&#038;(a=window.gtbExternal.pageT()),null==a&#038;&#038;window.external&#038;&#038;(a=window.external.pageT,d&#038;&#038;0<b&#038;&#038;(d.tick(\"_tbnd\",void 0,window.external.startE),d.tick(\"tbnd_\",\"_tbnd\",b))),a&#038;&#038;(window.jstiming.pt=a)}catch(k){}})();window.tickAboveFold=function(c){var a=0;if(c.offsetParent){do a+=c.offsetTop;while(c=c.offsetParent)}c=a;750>=c&&window.jstiming.load.tick(\"aft\")};var f=!1;function g(){f||(f=!0,window.jstiming.load.tick(\"firstScrollTime\"))}window.addEventListener?window.addEventListener(\"scroll\",g,!1):window.attachEvent(\"onscroll\",g);\n })();\n\/\/ ]]><\/script><!-- [if IE]><script type=\"text\/javascript\" src=\"https:\/\/www.blogger.com\/static\/v1\/jsbin\/3382421118-ieretrofit.js\"><\/script>\n<![endif]--> <!-- [if IE]> <script> (function() { var html5 = (\"abbr,article,aside,audio,canvas,datalist,details,\" + \"figure,footer,header,hgroup,mark,menu,meter,nav,output,\" + \"progress,section,time,video\").split(','); for (var i = 0; i < html5.length; i++) { document.createElement(html5[i]); } try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {} })(); <\/script> <![endif]--> How to install an SSL certificate on IHS (IBM HTTP Server)<script src=\"\/\/www.blogblog.com\/dynamicviews\/19533a18d3ac08a1\/js\/thirdparty\/jquery.js\" type=\"text\/javascript\"><\/script><script src=\"\/\/www.blogblog.com\/dynamicviews\/19533a18d3ac08a1\/js\/thirdparty\/jquery-mousewheel.js\" type=\"text\/javascript\"><\/script><script src=\"\/\/www.blogblog.com\/dynamicviews\/19533a18d3ac08a1\/js\/common.js\" type=\"text\/javascript\"><\/script><script src=\"\/\/www.blogblog.com\/dynamicviews\/19533a18d3ac08a1\/js\/sidebar.js\" type=\"text\/javascript\"><\/script><script src=\"\/\/www.blogblog.com\/dynamicviews\/19533a18d3ac08a1\/js\/gadgets.js\" type=\"text\/javascript\"><\/script><script src=\"\/\/www.blogblog.com\/dynamicviews\/4224c15c4e7c9321\/js\/comments.js\"><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nvar a=\"&#038;m=1\",d=\"(^|&#038;)m=\",e=\"?\",f=\"?m=1\";function g(){var b=window.location.href,c=b.split(e);switch(c.length){case 1:return b+f;case 2:return 0<=c[1].search(d)?null:b+a;default:return null}}var h=navigator.userAgent;if(-1!=h.indexOf(\"Mobile\")&#038;&#038;-1!=h.indexOf(\"WebKit\")&#038;&#038;-1==h.indexOf(\"iPad\")||-1!=h.indexOf(\"Opera Mini\")||-1!=h.indexOf(\"IEMobile\")){var k=g();k&#038;&#038;window.location.replace(k)};\n\/\/ ]]><\/script><script type=\"text\/javascript\">\/\/ <![CDATA[\nif (window.jstiming) window.jstiming.load.tick('headEnd');\n\/\/ ]]><\/script><!-- Yo Dawg... --><\/p>\n<div id=\"main\" class=\"hfeed\" tabindex=\"0\">\n<div id=\"content\">\n<div class=\"article hentry  \">\n<div class=\"article-header\">\n<h1 class=\"title entry-title\"><a href=\"http:\/\/programmingspot.blogspot.com\/2011\/10\/how-to-install-ssl-certificate-on-ihs.html\" rel=\"bookmark\" data-id=\"7181343789696021823\" data-item-type=\"post\">How to install an SSL certificate on IHS (IBM HTTP Server)<\/a><\/h1>\n<\/div>\n<div class=\"article-content entry-content\">\nI&#8217;m going to explain how to install an SSL certificate on IHS (IBM HTTP Server).<\/p>\n<p>I have received this request yesterday and today I have struggled with this configuration. So, now if you are in a hurry, I think you can configure an SSL in 5 minutes. So let&#8217;s go through the steps:<\/p>\n<p>* TIPS<br \/>\nTIP 1 &#8211; Create a .sh script for creating the db, for importing certificates and for receiving the signed key.<br \/>\nTIP 2 &#8211; gsk7cmd command supports -Xms1024m -Xmx2048m options for adding extra heap memory to java. This is very usefull because some times you end up with OutOfMemory errors.<br \/>\nTIP3 &#8211; After creating the request you can see the request by list request certificates in the keystore, after receiving the signed certificate the certificate request is removed. Don&#8217;t worry, this is normal.<br \/>\nTIP4 &#8211; SL0208E: SSL Handshake Failed, Certificate validation error.\u00a0 This error is related to the Root Class3 certificate. Don&#8217;t forget to import it to the keystore.<\/p>\n<p>Step 1 &#8211; Configure your environment variables<\/p>\n<p>Using command line (as almost on every server)<\/p>\n<p>Step 1 &#8211; Configure your environment<\/p>\n<p>export JAVA_HOME=\/java\/jre<br \/>\nexport PATH=\/java\/jre\/bin:$PATH<\/p>\n<p>Step 2 &#8211; Create a new key store database:<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -keydb -create -db\u00a0keystore -pw 1234 -type cms -stash<\/p>\n<p>Step3 &#8211; Create a new Key Request:<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -certreq -create -db keystore.kdb -pw 1234 &#8211;<\/p>\n<p>label\u00a0keystorelabel -dn &#8220;CN=subdomain.yourcompany.com,O=Company Name,OU=OrganizationUnit,L=Sao Paulo,ST=Sao Paulo,C=BR&#8221; -size 2048 -file keyrequest.csr<\/p>\n<p>Step3 &#8211; Import primary and secondary intermediate certsign public keys<\/p>\n<p>access this link\u00a0and copy the\u00a0primary and secondary intermediate\u00a0keys<\/p>\n<p><a href=\"http:\/\/www.verisign.com\/support\/verisign-intermediate-ca\/secure-site-intermediate\/index.html\">http:\/\/www.verisign.com\/support\/verisign-intermediate-ca\/secure-site-intermediate\/index.html<\/a><\/p>\n<p>copy the Primary Intermediate CA Certificate and save in a file called<br \/>\nprimary.crt<\/p>\n<p>copy the Secondary Intermediate CA Certificate and save in a file called<br \/>\nsecondary.crt<\/p>\n<p>access Verisign link and choose your product. The most common is &#8220;Standard SSL&#8221;<\/p>\n<p><a href=\"https:\/\/knowledge.verisign.com\/support\/mpki-for-ssl-support\/index?page=content&amp;actp=CROSSLINK&amp;id=SO4785\">https:\/\/knowledge.verisign.com\/support\/mpki-for-ssl-support\/index?page=content&amp;actp=CROSSLINK&amp;id=SO4785<\/a><\/p>\n<p>Access your product. After accessing your product link, it will be displayed the Class 3 Public Primary Certification Authority. Copy the certificate and store it in a file called<\/p>\n<p>rootclasscert.crt<\/p>\n<p>so now you have the 3 certificates:<\/p>\n<p>primary.crt<br \/>\nsecondary.crt<br \/>\nrootclasscert.crt<\/p>\n<p>Step 4 &#8211; Import primary, secondary and rootclasscert into your keystore.kdb database<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.<br \/>\nkdb -pw 1234 -label\u00a0primary -format ascii -trust enable -file primary.crt<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.<\/p>\n<p>kdb -pw 1234 -label\u00a0secondary -format ascii -trust enable -file secondary.crt<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -Xms1024m -Xmx2048m -cert -add -db keystore.<\/p>\n<p>kdb -pw 1234 -label\u00a0rootclasscert -format ascii -trust enable -file rootclasscert.crt<\/p>\n<p>Step\u00a0 5 &#8211; Send your request file keyrequest.csr to Verisign so to receive a signed certificate.<\/p>\n<p>This step is atomic. You access your Verisign account and copy and paste the request key and Verisign will send the signed certificate by email at the same time.<\/p>\n<p>Step 6 &#8211; Receive the file and store it in your database<\/p>\n<p>Copy the content of the cert.cer or copy the attached file to your server and issue the following command:<\/p>\n<p>IHS_ROOT_DIR\/gsk7\/bin\/gsk7cmd -Xms1024m -Xmx2048m -cert -receive -file\u00a0cert.cer -db keystore.kdb -pw 1234 -format ascii -default_cert yes<\/p>\n<p>Step 7 &#8211; Configure your IHS to point to the new keystore<\/p>\n<p>Example:<\/p>\n<p>LoadModule ibm_ssl_module modules\/mod_ibm_ssl.so<\/p>\n<p>Listen 443<\/p>\n<p>&lt; virtualhost your.ip.address.number:443 &gt;<br \/>\nServerName your.ip.address.number<br \/>\nSSLEnable<br \/>\nSSLProtocolDisable SSLv2<br \/>\nKeyFile YOUR_PATH\/SSL\/keystore.kdb<br \/>\n&lt; \/virtualhost&gt;<br \/>\nSSLDisable<\/p>\n<p>Step 8 &#8211; Stop and Start IHS.<\/p>\n<p>IHS_ROOT_DIR\/bin\/adminctl stop<br \/>\nIHS_ROOT_DIR\/bin\/apachectl stop<\/p>\n<p>IHS_ROOT_DIR\/bin\/adminctl start<br \/>\nIHS_ROOT_DIR\/bin\/apachectl start<\/p>\n<p>check your server now using <a href=\"https:\/\/yourserver\/\">https:\/\/yourserver\/<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\/\/ =b&#038;&#038;(window.jstiming.srt=e-b)}if(a){var d=window.jstiming.load;0=b&#038;&#038;(d.tick(&#8220;_wtsrt&#8221;,void 0,b),d.tick(&#8220;wtsrt_&#8221;, &#8220;_wtsrt&#8221;,e),d.tick(&#8220;tbsd_&#8221;,&#8221;wtsrt_&#8221;))}try{a=null,window.chrome&#038;&#038;window.chrome.csi&#038;&#038;(a=Math.floor(window.chrome.csi().pageT),d&#038;&#038;0 How to install an SSL certificate on IHS (IBM HTTP Server)\/\/ \/\/ <\/p>\n<p> How to install an SSL certificate on IHS (IBM HTTP Server) I&#8217;m going to explain how to install an SSL certificate on IHS (IBM HTTP Server).<\/p>\n<p>I have received this request yesterday and today I have struggled [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5383"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5383"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5383\/revisions"}],"predecessor-version":[{"id":5384,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5383\/revisions\/5384"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}