SSL certificate on WebSphere Application Server IHS

To support SSL, you must add WebSphere® Application Server’s SSL certificate to IBM HTTP Server’s trust store and then configure IBM HTTP Server for SSL traffic.

Preparing

# Copy certificates to WAS:
sudo su -
cp -r /home/lukaszmu/cert /opt/IBM/HTTPServer/conf

# List certificate files
ls /opt/IBM/HTTPServer/conf/cert/
wildcard.p12 ca-bundled-thawte.pem thawte_Primary_Root_CA.pem
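
A preflight check for the copied directory, as an added example that is not part of the original page: it confirms the three files listed above exist, that wildcard.p12 (which holds the private key) carries no group/other permission bits, and that the signer files are PEM certificates with no key material in them. The function name check_cert_dir is hypothetical.

```shell
#!/bin/sh
# Added example: preflight check of the certificate directory before import.
# File names are the ones listed on this page; check_cert_dir is a
# hypothetical helper, not an IBM tool.
# Usage: check_cert_dir /opt/IBM/HTTPServer/conf/cert

# Prints one "FAIL: ..." line per problem; returns 0 only if none were found.
check_cert_dir() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    p12="$dir/wildcard.p12"
    if [ ! -s "$p12" ]; then
        fail "$p12 is missing or empty"
    else
        # The PKCS12 file carries the private key: no group/other bits allowed.
        for bit in 040 020 010 004 002 001; do
            if [ -n "$(find "$p12" -prune -perm -"$bit")" ]; then
                fail "$p12 is accessible to group/other (try chmod 600)"
                break
            fi
        done
    fi

    for pem in ca-bundled-thawte.pem thawte_Primary_Root_CA.pem; do
        f="$dir/$pem"
        if [ ! -s "$f" ]; then
            fail "$f is missing or empty"
            continue
        fi
        # Signer files must hold PEM certificates and must not hold a key.
        certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
        [ "$certs" -ge 1 ] || fail "$f contains no PEM certificate"
        if grep -q -- 'PRIVATE KEY-----' "$f"; then
            fail "$f contains a private key"
        fi
    done

    [ "$problems" -eq 0 ]
}
```

A plain `cp -r` run as root leaves the files with whatever mode the umask gives them, so the permission check is the one most likely to fire on a fresh copy.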

Create IHS Security enabled virtual host

Servers > Server Types > Web servers > webserver1 > Web server virtual hosts >

click New
choose "Security enabled virtual host"
set and remember "Key store password"

Remove default self-signed certificates

Web servers > webserver1 > Web server virtual hosts > *:443 > Manage Keys and Certificates
remove: Signer certificates
remove: Personal certificates

Import personal certificates

Web servers > webserver1 > Web server virtual hosts > *:443 > webserver1 > Personal certificates > Import certificates from a key file or key store

choose "Key store file"
Key file name: /opt/IBM/HTTPServer/conf/cert/wildcard.p12
Type: PKCS12
Key file password: fill in

click: Get Key Aliases
set new alias: wildcard

Import signer certificates

Web servers > webserver1 > Web server virtual hosts > *:443 > webserver1 > Signer certificates > Add signer certificate
1. ca-bundled-thawte
/opt/IBM/HTTPServer/conf/cert/ca-bundled-thawte.pem

2. thawte_Primary_Root_CA (Thawte Root Certificates)
/opt/IBM/HTTPServer/conf/cert/thawte_Primary_Root_CA.pem

Finalize IHS configuration

Web servers > webserver1 > Web server virtual hosts > *:443
click "Copy to Web server key store directory" (Key store settings)
click OK
click Propagate configuration file directly to the target Web server machine.

Restart the Web server for changes to take effect.

/opt/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/bin/stopServer.sh webserver1
/opt/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/bin/startServer.sh webserver1 -nowait