Secure Sockets Layer (SSL) is a security protocol that enables Web sites to pass sensitive information securely in an encrypted format. A URL in your browser that starts with “https://” tells you the Web page is using SSL. The Web browser will also show some kind of lock icon to indicate a secure connection.
Follow the steps below to enable SWI for SSL.
Step One - Set Up a Digital Certificate
Follow the steps below to set up a digital certificate for use by the Apache server on the system running SWI.
- Skip to Step 2 if you already have a certificate available to use on your system.
- Go to the Digital Certificate Manager (DCM):
http://hostname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0.
- In the navigation frame of DCM, select Create New Certificate Store.
- Select *SYSTEM as the certificate store to create and press Continue.
- Select Yes to create a certificate as part of creating the *SYSTEM certificate store and press Continue.
- Select Local Certificate Authority.
- Supply the required names and descriptions for the store and for the certificate.
- Press Continue to complete creation of the certificate.
For reference, see:
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzahu%2Frzahurazhudigitalcertmngmnt.htm
Step Two - Configure the Apache Server
Follow the steps below to configure the Apache server for SSL.
Note: This only works when running SWI on port 80.
- Open ‘HTTP Admin Web Administration for i5/OS’ for your server instance.
- In the left pane under Server Properties, select General Server Configuration and add port 443 under port 80. Press Continue, and then Apply.
- In the left pane select Server Properties\Virtual Hosts. Position to the IP-based tab.
- Click the Add button in the right pane under ‘Virtual Host Containers’. In the IP address/Hostname drop-down, select All IP Address. For the Port, enter 443 for the SSL port. Press Continue, and then Apply.
- In the upper center/right of the screen, find the Server Area drop-down. Select Virtual Host *:443.
- In the left pane, select Security. In the right pane select the SSL with Certificate Authentication tab.
- In the SSL drop down, select Enabled.
- Next to Server certificate application name, press the drop-down arrow and select the appropriate name: QIBM_HTTP_SERVER_“yourinstancename”.
- On this same screen, scroll down to the HTTPS_PORT environment variable, enter 443 for your SSL port, and press Apply.
- Go to the Digital Certificate Manager (DCM):
http://hostname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0.
- Sign onto the *SYSTEM store.
- Select Work with server applications listed under Fast Path.
- Select the button beside your Apache instance name, and then press the Work With Application button.
- Press the Update Certificate Assignment button.
- Select the certificate that you want to assign to the application, and press the Assign New Certificate button.
- Stop and restart the Apache server instance. SSL is now enabled.
For reference, see:
https://www-304.ibm.com/support/docview.wss?uid=nas198591216e00b600d862573fc006d753d
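To confirm that the Step Two settings were all saved before relying on the restart, the instance's httpd.conf can be checked for them. The following is an added example, not part of the original procedure or IBM's tooling; it assumes the settings are recorded as the Listen, SetEnv, VirtualHost, SSLEngine and SSLAppName directives, and MYINST is a placeholder instance name in a constructed sample file.

```python
import re

# Constructed sample: the directives the Step Two settings are assumed to
# leave in the instance's httpd.conf. MYINST is a placeholder instance name.
SAMPLE_CONF = """\
Listen *:80
Listen *:443
SetEnv HTTPS_PORT 443
<VirtualHost *:443>
  SSLEngine On
  SSLAppName QIBM_HTTP_SERVER_MYINST
</VirtualHost>
"""

def check_ssl_conf(text, port="443"):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    # Directive names are case-insensitive in Apache configuration files.
    if not any(re.fullmatch(rf"listen\s+(\S+:)?{port}", l, re.I) for l in lines):
        problems.append(f"no Listen directive for port {port}")
    if not any(re.fullmatch(rf"setenv\s+HTTPS_PORT\s+{port}", l, re.I) for l in lines):
        problems.append(f"HTTPS_PORT is not set to {port}")
    # Collect the directives inside the virtual host container for the SSL port.
    vhost, inside, found = [], False, False
    for l in lines:
        if re.fullmatch(rf"<virtualhost\s+\S*:{port}>", l, re.I):
            inside = found = True
        elif l.lower() == "</virtualhost>":
            inside = False
        elif inside:
            vhost.append(l)
    if not found:
        problems.append(f"no <VirtualHost> container for port {port}")
        return problems
    if not any(re.fullmatch(r"sslengine\s+on", l, re.I) for l in vhost):
        problems.append("SSLEngine is not On inside the virtual host")
    if not any(re.fullmatch(r"sslappname\s+QIBM_HTTP_SERVER_\S+", l, re.I) for l in vhost):
        problems.append("no SSLAppName QIBM_HTTP_SERVER_<instance> inside the virtual host")
    return problems

if __name__ == "__main__":
    print(check_ssl_conf(SAMPLE_CONF) or "SSL configuration looks complete")
```

An empty result only shows that the directives are present; the certificate assignment made in DCM is stored outside httpd.conf and is not covered by this check.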
Users accessing SWI will be warned by the browser about an untrusted site. This can be avoided by using a public Internet Certificate Authority for your certificate, but that involves a cost and is beyond the scope of this simple implementation.