[z/OS][AIX Solaris HP-UX Linux Windows]

Obtaining certificates

This section provides information to help you get started with secure connections on the Web server. Obtaining certificates is the first step in securing your Web server.

About this task

When you set up secure connections, associate your public key with a digitally-signed certificate from a certificate authority (CA) that is designated as a trusted CA on your server.

Procedure

  • Buy a certificate from an external certificate authority provider.
    You can buy a signed certificate by submitting a certificate request to a CA provider. The IBM® HTTP Server supports several external certificate authorities. By default, many CAs exist as trusted CAs on the IBM HTTP Server. See List of trusted certificate authorities on the IBM HTTP Server.
    Use the key management utility to create a new key pair and certificate request to send to an external CA, then define SSL settings in the httpd.conf file.
    • [AIX Solaris HP-UX Linux Windows]IKEYMAN graphical user interface. If you are unable to use the IKEYMAN interface, use the command line interface gskcmd command.
    • [z/OS]Native z/OS® key management (gskkyman key database).
  • Create a self-signed certificate.
    Use the key management utility or purchase certificate authority software from a CA provider.