How to Install SSL certificate under Websphere/Http server

Posted By Sagar Patil

1. Navigate to the /bin-directory of your IHS-Installation $IHS_HOME

2. execute ./ikeyman to open Key Management Tool

3. Use “Key Database File > Open” to open your password-protected Key-Database

4. After Key-Database is loaded switch to “Personal Certificate Requests” (under “Key database content”).


5. Click New and fill out the certificate request dialog. Depending on your CA-Provider (RapidSSL here) you may need to fill out the dialog in a special way (VeriSign demands the common name to be the domain)

6. Click “OK” to save the certificate request in a file

7. Now you need to provide content of certificate request file to your Ceritifcate Authority (e.g.: RapidSSL). You will receiving a new certificate file from them.


8. Once you have received certificate switch back to ikeyman->”Personal Certificates” (under “Key database content”)

9. Click Receive and navigate to certificate file. Click Ok to import certificate file.

10. Open httdp.conf File of your IHS and replace SSL-Cert-Name (name will be displayed after the import of new certificate in iKeyman).
Usally a SSL-Cert is definded within a virtual host:
<VirtualHost “ip-adress”:443>
SSLClientAuth 0
SSLServerCert ihssslcert
AllowEncodedSlashes On

DocumentRoot /usr/IBM/HTTPServer/www-doc-root/

11. Restart the IHS-Server
$/opt/IBM/HTTPServer/bin/apachectl stop
$ps -ef | grep httpd (Should return NO results)

/opt/IBM/HTTPServer/bin/apachectl start

$ ps -ef | grep httpd (Should return results like below)
root 13608 1 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13610 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13611 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start
nobody 13612 13608 0 16:06 ? 00:00:00 /opt/IBM/HTTPServer/bin/httpd -d /opt/IBM/HTTPServer -k start

Check the $IHS_HOME/logs/error_log file to see any SSL handshake errors

Leave a Reply

You must be logged in to post a comment.

Top of Page

Top menu