IBM HTTP Server https configuration

1. Generate kdb

gskcmd -keydb -create -db ihskey -pw pwd -type pkcs12 -expire 365 -stash

2. Generate Certificate

gskcmd -cert -create -db ihskey -pw pwd -size 1024 -dn CN=localhost,O=IBM,OU=IBM HTTP Server,C=CN -label ihskey -default_cert yes - expire 365

3. Enable SSL in httpd.conf

# Example SSL configuration which supports SSLv3 and TLSv1
# To enable this support:
#   1) Create a key database with ikeyman
#   2) Update the KeyFile directive below to point to that key database
#   3) Uncomment the directives up through the end of the example
#
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
SSLEnable
SSLServerCert ihskey
SSLClientAuth None
</VirtualHost>
SSLDisable
KeyFile /opt/ibm/HTTPServer/bin/ihskey.p12
# End of example SSL configuration

4. Force 80 to 443

update httpd.conf

uncomment LoadModule rewrite_module modules/mod_rewrite.so and add

RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Ref:

Creating a new key database using the command-line interface

http://www-01.ibm.com/support/knowledgecenter/SSEQTJ_8.5.5/com.ibm.websphere.ihs.doc/ihs/tihs_createkeydb390.html?lang=en

Creating a self-signed certificate
http://www-01.ibm.com/support/knowledgecenter/SSEQTJ_8.5.5/com.ibm.websphere.ihs.doc/ihs/tihs_selfsigned.html?lang=en

Rewriting HTTP (port 80) requests to HTTPS (port 443)
http://www-01.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21114864