Question & Answer
Question
How to set up TLS for a HTTP Apache server
Answer
The HTTP Admin offers an SSL wizard to configure SSL/TLS for the Apache server which can access Digital Certificate Manager (DCM) to create a new Local signed certificate or select an existing certificate already in the store. DCM needs to be configured with a *SYSTEM store and Local CA store if the certificate is going to be a Local signed certificate. For more information about DCM including requesting a certificate from an Internet CA see the following:
1. The first step is to access the IBM Web Administration for i GUI page by opening a browser and using one of the following URLs (replace systemName with the IBM i IP address or system name):
http://systemName:2001/HTTPAdmin
:2010/HTTPAdmin
2. Click Next on the first screen
3. Change the port that you want TLS connections for if needed as well as keep the non TLS port active or not and click next.
4. Type in the password for the *SYSTEM store and click next (NOTE: If you do not know the password you can reset it by accessing DCM to reset. Go to http://systemName:2006/dcm or https://systemName:2007/dcm and click 'Open Certificate Store' on the left and choose *SYSTEM then click the 'Reset Password'):
5. Select to either create a new Local CA signed certificate or select an existing certificate and click next.
A. Local CA
Type in the password for the Local Certificate Authority store and click next. If you do not know the password you can reset it by accessing DCM to reset. Go to http://systemName:2006/dcm or https://systemName:2007/dcm and click 'Open Certificate Store' on the left and choose 'Local CA' then click 'Reset Password'.
Continue to Step 6
B. Existing certificate
Select the certificate from the drop down box and click next.
Select 'Trust all CAs in the *SYSTEM store' and click next
6. Select the option to restart later or after the wizard completes and click next.
7. The next screen is a summary, click finish.
or
https://systemNameLog in with a profile that has *SECOFR authority. Select the server you want to configure from the "Server" drop down box and click on the "Configure TLS" on the left panel.
2. Click Next on the first screen
3. Change the port that you want TLS connections for if needed as well as keep the non TLS port active or not and click next.
4. Type in the password for the *SYSTEM store and click next (NOTE: If you do not know the password you can reset it by accessing DCM to reset. Go to http://systemName:2006/dcm or https://systemName:2007/dcm and click 'Open Certificate Store' on the left and choose *SYSTEM then click the 'Reset Password'):
5. Select to either create a new Local CA signed certificate or select an existing certificate and click next.
A. Local CA
Type in the password for the Local Certificate Authority store and click next. If you do not know the password you can reset it by accessing DCM to reset. Go to http://systemName:2006/dcm or https://systemName:2007/dcm and click 'Open Certificate Store' on the left and choose 'Local CA' then click 'Reset Password'.
Continue to Step 6
B. Existing certificate
Select the certificate from the drop down box and click next.
Select 'Trust all CAs in the *SYSTEM store' and click next
6. Select the option to restart later or after the wizard completes and click next.
7. The next screen is a summary, click finish.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CISAA2","label":"Digital Certificate Manager"},{"code":"a8m0z0000000CGqAAM","label":"IBM i HTTP Server"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
16 August 2022
UID
nas8N1022003