Get Started Quickly with Secure Connections

• Obtaining certificates
• Buying a certificate from an external CA provider
• Creating a self-signed certificate
• Setting up SSL using the IBM Administration Server
• Related Information

Obtaining certificates

There are two ways to obtain a certificate:

• Buy a certificate from an external CA provider
• Create a self-signed certificate

Buying a certificate from an external CA provider

Use IKEYMAN to create a new key pair and certificate request to send to an external CA. Then define SSL settings in the Security folder in the Administration Server.

Creating a self-signed certificate

Setting up SSL using the IBM Administration Server

1. Set up security module.
• Select Basic Settings
• Select Module Sequence (Scope: Global)
• Select Add
• Select Select a module to add and open the drop-down list. Go to the bottom of the list and select ibm_ssl from the list. The Module DLL is placed to the right.
• Select the Apply button
• Select the Close button
• Select the Submit button


2. Set up secure host IP and additional port for secure server.
• Select Basic Settings
• Select Advanced Properties (Scope: Global)
• Select the Add button for the Specify additional ports and IP addresses field - leave the IP address field empty and enter 443 in the Port field.
• Select the Apply button
• Select the Close button
• Select the Submit button


3. Set up virtual host structure for secure server.
• Select Configuration Structure
• Select Create Scope (Scope: Global)
• Select VirtualHost in the "Select a valid scope to insert within the scope selected in the right panel" field
• Enter the virtual host IP address, or fully qualified domain name
• Enter the virtual host port (443)
• Enter the server name
• Leave alternate name(s) for host blank
• Select the Submit button


4. Set up virtual host document root for secure server.
• Select Basic Settings
• Select Core Settings (Scope: <Virtual host you are working with>)
• Enter the server name as a fully qualified domain name
• Enter the document root directory name
• Select the Submit button


5. Set keyfile and SSL timeout values for secure server.
• Select Security
• Select Server Security (Scope: Global and Virtual Host)
• Select Enable SSL radio No button. (Disables SSL for Global scope)
• Enter the path and keyfile filename.
• Enter a Timeout value for SSL Version 2 session IDs. (100 secs)
• Enter a Timeout value for SSL Version 3 session IDs. (1000 secs)
• Select the Submit button


6. Enable SSL and select mode of Client Authorization.
• Select Security
• Select Host Authorization (Scope: Virtual Host) <Host IP addr:443>
• Select Enable SSL radio Yes button. (Enables SSL for Virtual Secure Host)
• Select Mode of client authorization to be used radio button none.
• Select the Submit button


7. Restart the Server

1. Set up virtual host structure for secure server.
• Select Configuration Structure
• Select Create Scope (Scope: Global)
• Select VirtualHost for the Select a valid scope to insert within the scope selected in the right panel: field
• Enter the virtual host IP address, or fully qualified domain name
• Enter the virtual host port (443)
• Enter the server name - leave Alternate name(s) for host blank
• Select the Submit button


2. Enable SSL and select mode of Client Authorization.
• Select Security
• Select Host Authorization (Scope: Virtual Host <Host IP addr:443>)
• Select Enable SSL radio Yes button. (Enables SSL for Virtual Secure Host)
• Select Mode of client authorization to be used radio button none.
• Select the Submit button


3. Set up virtual host document root for secure server.
• Select Basic Settings
• Select Core Settings (Scope: <Virtual Host you are working with>)
• Enter the server name as a fully qualified domain name
• Enter the document root directory name
• Select the Submit button

     (Back to Top)