To support SSL, you must add WebSphere® Application Server’s SSL certificate to IBM HTTP Server’s trust store and then configure IBM HTTP Server for SSL traffic.
Preparing
#Copy certificates to WAS:
sudo su -
cp -r /home/lukaszmu/cert /opt/IBM/HTTPServer/conf
#list certificate files
ls /opt/IBM/HTTPServer/conf/cert/
wildcard.p12 ca-bundled-thawte.pem thawte_Primary_Root_CA.pem
Create IHS Security enabled virtual host
Servers > Server Types > Web servers > webserver1 > Web server virtual hosts >
click New
choose „Security enabled virtual host”
set and remember „Key store password”
Remove default selfSigned certificates
Web servers > webserver1 > Web server virtual hosts > *:443 > Manage Keys and Certificates
remove: Signer certificates
remove: Personal certificates
Import personal certificates
Web servers > webserver1 > Web server virtual hosts > *:443 > webserver1 > Personal certificates > Import certificates from a key file or key store
choose „Key store file”
Key file name: /opt/IBM/HTTPServer/conf/cert/wildcard.p12
Type: PKCS12
Key file password: fill in
click: Get Key Aliases
set new alias: wildcard
Import signer certificates
Web servers > webserver1 > Web server virtual hosts > *:443 > webserver1 > Signer certificates > Add signer certificate
1. ca-bundled-thawte
/opt/IBM/HTTPServer/conf/cert/ca-bundled-thawte.pem
2. thawte_Primary_Root_CA Thawte Root Certificates
/opt/IBM/HTTPServer/conf/cert/thawte_Primary_Root_CA.pem
Finalize IHS configuration
Web servers > webserver1 > Web server virtual hosts > *:443
click „Copy to Web server key store directory” (Key store settings)
click OK
click Propagate configuration file directly to the target Web server machine.
Restart the Web server for changes to take effect.
/opt/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/bin/stopServer.sh webserver1
/opt/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/bin/startServer.sh webserver1 -nowait