SSL (secure socket layer): Steps to configure ssl certificate: For web server: By using I key man utility,

, first we have to create . kdb file, then we have to rise a csr that is certificate signing request, it will generate arm file. It contains encrypted content we have to copy this encrypted content to the VeriSign site before that submit we have the organization details like name, mail id ,phone no e.t.c, then we have to select which server required ssl certificate. Select the web server either IHS or apache server based your environment & submit the request it will generate the request id and it will shown a message like you receive a certificate in 24 hours. But with in 5, 10 mins. We will get an intermediate certificate and actual certificate to the mail we have to copy that content to the established certificate file and configure in the httpd.conf file, under parameters ssl module enable, port no 443,path of the certificate file e.t.c,. Save the changes to the httpd.conf file and bounce the server, 443 port will active& we can access with https protocol that is server protocol.

For plug-ins and appserver : I have created self signed certifications by tryst file &key store file i.e. jks for both plugins& app servers. We have to copy the trust file of plug-ins app server &app server trust file to plug-ins, then select ssl in the admin console, three created new jsse repertories ,these specify the absolute path of trust file, password, absolute path of key store file &pwd. Then select the server, expand web container settings then select ssl-inbound channel, finally select the alias name for of the jsse repertoire and save the changes and bounce the server in this way we can enable ssl for plug-ins app server with the help of I key man utility.

Steps for IHS: Go to his bin execute I key man.bat command. Select new key database file new select cms. Then give name as ihskey.kdb. Then give the location as c:|ihs|ssl Ok to specify the password select slash the password will be store in the form of slash the password to a file ok ok. Select create new self signed certificate. Give the appropriate values ok.

Then extract the certificate then give the name and location ok close. Then go to httpd. Conf ,write the following code. Load module ibm-ssl-module modules|mod-ibm-ssllisten443 <virtual host *> Document root ,htdocs|en-us Ssl enable Key file ssl|ihskey.kdb Ssl servicer ihscert cable name Ssl stachfile ssl|his key.sth Sslv2timeout 100 Sslv3timeout 1000 <virtual host>

For plug-ins &appserver: Go to plug-ins bin execute idman.bat Select the new key database file new select cms Give the name as plug-in key .kdb Then give the location c:|plug-in|etc\ok Here we dont want any signer certificate Full the details key label is plug-in file ok Then extract the certificate then the name as web sphere his plug-in cert.arm &specify the location c:|his|etc ok close. After go to app server (or) <was-root> profiles appserv01 bin. Execute the ikeyman.bat Then select new key database new select jks Store under<was root>ssl Click on ok specify the password ok. Delete all signer certificate. Then choose personal certificate. Create self-signed certificate. Specify the details, like key label was web container ok. After extract the certificate. Give the name as web container cert.arm specify the location as ssl. under<was root>. Now we need a trust file. For that Go to key manager profiles appserv01 bin execute the command ikyman.bat in command prompt ikeyman.bat double click on the batch file.

Again select key data base new select jks instec volume of cms give the name as web container trust key jks ok. Specify the password ok Delete all sign certificates. Now under signer certificates, add the certificate. After that copy the plug-ins certificate& password under the <was root>|ssl. Add import the plug-in certificate from ssl for that browse plug-in etc web sphere his plug-in cert arm& give the location:<was root>|ssl ok ok. Enter the label name for certificate :plug-in Then we are going to generate kdb file. For that go to plug-in bin execute the Ikeyman.bat command. Open the plug-in kdb file store under plug-in. Give password ok
Select the signer certificate. Copy the web container certificate from ssl & past it under the plugin Go to add browse the web container certificate from the pluginetc. Store under etc. & give as web containerok. Then configure this certificate to app server for that . Open admin console . Go to security select SSL select new JSEE repertoire. Specify the alias name : my-ssl - conf Specify the key file name :<was root >/ssl/web container key jks Specify the password . Specify the trust file path. Specify the password of file. Ok savesave. After completion of this go to server click on app server then click on server Select web container setting expand select web container transport chain. Select wc in bound admin secure. Select ssl in bound channel Select my-ssl-conf (give it under jsee repertoire of alias name. Ok save save