It sounds like you've done all you need to for basic IHS SSL
functionality.  As long as api.client.com matches the name you gave the
certificate via ikeyman, and you have the KeyFile directive, you should
be OK.  There are a lot of other options you can add for optimization
and browser compatibility, but I don't think leaving any of those out
would break it outright.  Here's my working IHS config from the
development server on my Windows workstation for comparison:

<VirtualHost *:443>
SSLEnable
SSLProtocolDisable SSLv2
SSLServerCert is12.momtex.com
     <Directory "c:/IBM/HTTPServer/htdocs/html">
     Options +Includes
     AddType text/html .shtml
     AddOutputFilter INCLUDES .shtml
     </Directory>
</VirtualHost>
KeyFile "C:/IBM/HTTPServer/key.kdb"
SSLDisable

-John

-----Original Message-----
From: u2-users-boun...@listserver.u2ug.org
[mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Kevin King
Sent: Saturday, February 16, 2013 4:02 PM
To: U2 Users List
Subject: [U2] AIX 5.3 IBMIHS Web Server

Might anyone have any tips or tricks for getting SSL to work on the
IBMIHS/Apache 2.0.47 web server on an AIX 5.3 box?  The documentation
I've found on the web is byzantine at best and it would be fine if the
commands actually worked, but I keep getting odd error messages and
stalled at every turn.

I've upgraded the GSK so that the server will start with SSL enabled, I
have a virtual host configured, but I have no clue how to tie a specific
certificate to the VirtualHost.  Well, let's say I have clues, but
nothing is working.  Here's the <VirtualHost> stanza I have set up in
httpd.conf:

<VirtualHost *:443>
        SSLEnable
        SSLClientAuth None
        SSLServerCert api.client.com
        ServerName api.client.com
        DocumentRoot /usr/www
        <Directory "/usr/www">
             Order Allow,Deny
             Allow From All
        </Directory>
        ErrorLog logs/api_error.log
        CustomLog logs/api_error.log common
</VirtualHost>

I've been able to generate a CSR and create a self-signed certificate,
and it would appear that I've even successfully imported that
certificate into my key database, as demonstrated by this command:

$ gsk7cmd -cert -details -db /usr/IBMIHS/ssl/client.kdb -label "api.client.com" -pw "password"

...which produces the following output...

Label: api.client.com
Key Size: 512
Version: X509 V1
Serial Number: 00 DB 00 41 9A 19 77 7E 9F
Issued By: api.client.com
CLIENT
City, ST, US
Subject: api.client.com
CLIENT
City, ST, US
Valid From: Saturday, February 16, 2013 6:06:08 PM EST To: Saturday, April 17, 2032 7:06:08 PM EDT
Fingerprint: ...
Signature Algorithm: 1.2.840.113549.1.1.5
Trust Status: enabled

But even though this certificate is in the keyfile (and yes, I have a
KeyFile directive elsewhere in the httpd.conf file pointing to the
client.kdb file) I can't seem to associate it to the virtual host.  What
am I missing?

(And yes, I'm aware this is not specifically a U2 question but I need
this to provide web connectivity to a Unidata machine from a Rackspace
hosted server.  So in a way... it sorta is U2 related.)

Help?
_______________________________________________
U2-Users mailing list
U2-Users@listserver.u2ug.org
http://listserver.u2ug.org/mailman/listinfo/u2-users
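
The two conditions named in the reply at the top of this thread (the SSLServerCert value matches the certificate label, and a KeyFile directive is present) can be checked mechanically. The Python sketch below is an added example, not code from either poster or from IBM; its sample inputs are constructed from the values in the thread, and the key-size and SHA-1 checks are this example's own additions based on the `Key Size: 512` and `1.2.840.113549.1.1.5` fields in the output above.

```python
import re

# Constructed samples, modelled on the httpd.conf stanza and gsk7cmd output in the thread.
HTTPD_CONF = """\
KeyFile /usr/IBMIHS/ssl/client.kdb
<VirtualHost *:443>
    SSLEnable
    SSLServerCert api.client.com
    ServerName api.client.com
</VirtualHost>
"""
CERT_DETAILS = """\
Label: api.client.com
Key Size: 512
Signature Algorithm: 1.2.840.113549.1.1.5
"""

def parse_cert(details):
    """Map each 'Field: value' line of the details output to a dict entry."""
    return dict(m.groups() for m in re.finditer(r"^([A-Za-z ]+): (.*)$", details, re.M))

def parse_conf(conf):
    """Return (global directives, one dict per <VirtualHost>); whitespace inside quotes is kept."""
    globals_, vhosts, current = {}, [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if line.lower().startswith("<virtualhost"):
            current = {}
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif line and not line.startswith(("#", "<")):
            name, _, value = line.partition(" ")
            (globals_ if current is None else current)[name.lower()] = value.strip().strip('"')
    return globals_, vhosts

def check(conf, details):
    """List mismatches between the SSL virtual hosts and the certificate details."""
    cert, (globals_, vhosts), findings = parse_cert(details), parse_conf(conf), []
    for vh in (v for v in vhosts if "sslenable" in v):
        name = vh.get("servername", "?")
        if "keyfile" not in vh and "keyfile" not in globals_:
            findings.append(f"{name}: no KeyFile directive")
        if vh.get("sslservercert") != cert.get("Label"):
            findings.append(f"{name}: SSLServerCert does not match the certificate label")
    if int(cert.get("Key Size", 0)) < 2048:  # assumes an RSA key
        findings.append("certificate: key shorter than 2048 bits")
    if cert.get("Signature Algorithm") == "1.2.840.113549.1.1.5":  # sha1WithRSAEncryption
        findings.append("certificate: SHA-1 signature")
    return findings
```

The label comparison is exact, so a label stored with a stray leading or trailing space is reported as a mismatch.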