SSL on AIX with verisign

[polani]

Hi all
Have anyone of you any experience of implementing
SSL on AIX ( using HTTP server powered by Apache).
I have successfully tested SSL implementation with
self signed certificates but when try to implement
the same using verisign certificates , i stuck up.
The problem is that on verisign site there is no documentation availiable regarding IBM HTTP Server
.Can any body provide me step by step procedure for getting the objective.

Polani

Here comes polani Once again!!!

P690 Certified Specailist
HACMP & AIX Certified Specailist
AIX & HACCMP Instructor

 

[kduffin]

If I remember correctly, I believe that the IBM HTTP Server wants you to use their facility to generate the key/csr. Take a look at

http://web25.evenue.net/manual/ibm/9atcau.htm

Cheers,

Keith
keith@duffin.org

http://www.duffin.org

 

[trifo]

Hi!

You will have to use ikeyman utility provided with IBM http server. This is an ugly X based java program. Start it up, create a new key database, and create a certificate request within (csr). This will create a request file to ask for crertificate with. Later you have to import the certificate itself.

Important to click on "stash password file" to enable httpserver to use the key database without providing password.

After creating key database you have to include some lines in the httpd.conf of IBM http server as follows:
SSLStashfile /usr/HTTPServer/ssl/key.sth
--> this file is generated from key.kdb when clinking "Stash password file"

There is another possibility to put
SSLKeyfile /usr/HTTPServer/ssl/key.kdb
but I do not really know much about.

--Trifo