Now days most of the production server's are running in Unix machine and it dont have gui mode.
If we need to create certificate for WebServer (IHS Http) using ikeyman utility, we need to export the display to X-windows server.it will take more time to load the X-Window if we are in low bandwidth network
Here the Simple command's create the complete SSL certificate setup
Export JAVA_HOME to execute the gsk7cmd
1) export JAVA_HOME=/opt/WebSphere/AppServer/java
It will create the TEST.kdb, TEST.rdb, TEST.sth, TEST.crl files
2) gsk7cmd -keydb -create -db TEST.kdb -pw passwd -type cms -expire 365 -stash
Then need to create Self-signed certificate to TEST.kdb file.
3) gsk7cmd -cert -create -db TEST.kdb -pw passwd -label "HTTP Server Key" -dn CN=TEST.com,O="IT,C=US" -expire 365 -default_cert yes
We can check the default certificate details using below command
4) gsk7cmd -cert -getdefault -db TEST.kdb -pw passwd
Ouput .....
-------------------------------------------------------------------------
Label: HTTP Server Key
Key Size: 1024
Version: X509 V3
Serial Number: BA BA 6D DB 5C FC F1 D6
Issued By: TEST.com
IT
US
Subject: TEST.com
IT
US
Valid From: Sunday, October 31, 2010 7:13:37 PM GMT To: Tuesday, November 1, 2011 7:13:37 PM GMT
Fingerprint: 3C:B8:C5:7B:61:14:7B:D4:5F:DE:C9:52:3F:BF:10:EB:EA:C2:E5:5F
Signature Algorithm: 1.2.840.113549.1.1.4
Trust Status: enabled
--------------------------------------------------------------------------
5) Then edit the httpd.conf file add the below line
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
SSLEnable
SSLDisable
KeyFile /usr/IBMHTTPServer/ssl/key.kdb
6) Restart IBM HTTP Server using the standard method and confirm that it is now responding on SSL port 443 by hitting the https://ihs_server_name/
No comments:
Post a Comment