How to Secure IBM Web servers with SSL install/configuration

-

Secure Servers with SSL Implementation :




Taking example as IHS and configuring secure website in WebServer.

Installing SSL on HIS
  
1)Open ./ikeyman.sh utility from AppServer to create .kdb file

Create a new key database file , Default will be CMS



Edit filename Ex:hostname-key.kdb



Input password and select stash password to a file





2) Create a self signed certificate




Fill the details of Self Signed cert





3) Edit the following in httpd.conf and restart http serv

1
2
3
4
5
6
7
8
9
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
SSLEnable
#SSLProtocolDisable SSLv2
</VirtualHost>
KeyFile /opt/IBM/HTTPServer/cert/sunnysite.kdb
SSLStashFile /opt/IBM/HTTPServer/cert/sunnysite.sth
SSLDisable




Now try your website url with https.

To support encrypted connections, create a self-signed certificate and then configure IBM HTTP Server for encrypted connection traffic. 

Warning : If you use this certificate in production, users will see warning messages from their browsers. In a typical production deployment, you would use a certificate from a trusted certificate authority



Comments

Post a Comment

feel free to give feedback

Popular posts from this blog

Permissions are too open // #AWS keypair issue - Windows

-
Image
What does keypair mean in AWS compute ? Generally a  key pair, consisting of a public key and a private key, is a set of security credentials that you use to prove your identity when connecting to an Amazon EC2 instance. Amazon EC2 stores the public key on your instance, and you store the private key.  For Unix based instances, the private key allows you to securely SSH into your instance .   In Windows, there are permission errors while accessing cloud ec2 instances or any aws service. ERROR-1 Permission denied (publickey) ERROR-2 Permissions for 'c:\\Users\\$username\\Downloads\\keypair.pem' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Solution: Move keypair.pem to C:/users/username/.aws/kepair.pem Install/open gitbash or cygwin or visual-studio terminal change permissions of file using chmod 400 C:/users/username/.aws/kepair.pem    If it still cant be accessed run chmod 600 C:/users/...
See More »

5 tips for Python Beginners

-
Image
  For a novice, try these tricks if you haven’t already 1. Function to make a noun (adjective) from a verb or an adverb from a noun (adjective) def verbing ( s ): returns iflen(s) < 3 elses + ( 'ing' , 'ly' )[ 'ing' ins] >>> verbing( 'help' ) helping >>> verbing( 'helping' ) helpingly 2. use a bare “*” asterisk in function parameter lists to force the caller to use keyword arguments for certain parameters >>> def f ( a, b, *, c= 'x' , d= 'y' , e= 'z' ): ... return 'Hello' To pass the value for c, d, and e you will need to explicitly pass it as “key=value” named arguments: >>> f( 1 , 2 , 'p' , 'q' , 'v' ) TypeError: f() takes 2 positional arguments but 5 we...
See More »

#Kubernetes Cluster Initialization iptables error #K8s

-
Image
  The primary step to configure container runtimes is setting up system prerequisites. For this, it usually needs loading of  overlay and br_netfilter modules and then modifying kernel settings with below. # Setup required sysctl params, these persist across reboots. cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOF # Apply sysctl params without reboot sudo sysctl --system Still, there may be an error as shown below appear in the time of cluster initialisztion using kubeadm init [init] Using Kubernetes version: v1.22.0 [preflight] Running pre-flight checks error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors...
See More »