6.2.2 Setting up SSL
To improve security, set up the web server as an SSL accelerator. Specify the parameters related to SSL accelerators in the httpsd.conf file, and use the web server commands (hwskeygen and hwscertutil reqgen) to create a private key and certificate signing request (CSR) for the web server. Store the private key and certificate to complete the setup.
Prerequisites
- System security requirements have been decided.
Intended users
- System engineers
Procedure
Install the web server on the host to be used as an SSL accelerator.
Specify the parameters related to SSL accelerators in the httpsd.conf file.
  httpsd.conf file definition example:
    SSLEnable
    SSLCertificateFile "installation_directory_for_Application_Server/httpsd/conf/ssl/server/httpsd.pem"
    SSLCertificateKeyFile "installation_directory_for_Application_Server/httpsd/conf/ssl/server/httpsdkey.pem"
To create a private key for the web server, run the hwskeygen command.
  hwskeygen command specification example:
    hwskeygen -rand any_file_name -out private_key_file_name -bits private_key_bit_length
To create a certificate signing request (CSR), run the hwscertutil reqgen command.
  hwscertutil reqgen command specification example:
    hwscertutil reqgen -sign signature_algorithm -key private_key_file_name -out CSR_file_name
Ask the certification authority (CA) to issue a certificate for the web server, and obtain the certificate.
Store the private key and certificate in the location specified in the httpsd.conf file.
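As an added example (not part of the product documentation), the following check can be run after the last step: it reads the SSL directives from the httpsd.conf text, confirms that the certificate and private key exist at the configured paths, and flags a private key file that group or other users can access. It assumes a POSIX host and the directive spelling shown above; the function names and the demo files are hypothetical.

```python
import os
import re
import stat
import tempfile

# Directive names exactly as written in the httpsd.conf example on this page.
# Commented-out lines never match because the name must start the line.
DIRECTIVE = re.compile(r'^\s*(SSLEnable|SSLCertificateFile|SSLCertificateKeyFile)\b\s*(.*)$')

def parse_ssl_directives(conf_text):
    """Return {directive: argument} for the SSL directives in httpsd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1)] = m.group(2).strip().strip('"')
    return found

def check_ssl_setup(conf_text):
    """Return a list of problems; an empty list means every check passed."""
    d = parse_ssl_directives(conf_text)
    problems = []
    if "SSLEnable" not in d:
        problems.append("SSLEnable is not set")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        path = d.get(name)
        if not path:
            problems.append(f"{name} is not set")
        elif not os.path.isfile(path):
            problems.append(f"{name}: file not found: {path}")
        elif name == "SSLCertificateKeyFile":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(f"{name}: mode {mode:o} allows group/other access")
    return problems

def demo():
    """Run the checks on a constructed layout in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "httpsd.pem"), os.path.join(d, "httpsdkey.pem")
        for p in (cert, key):
            with open(p, "w") as f:
                f.write("constructed placeholder, not real key material\n")
        os.chmod(key, 0o644)  # deliberately too permissive
        conf = f'SSLEnable\nSSLCertificateFile "{cert}"\nSSLCertificateKeyFile "{key}"\n'
        before = check_ssl_setup(conf)
        os.chmod(key, 0o600)  # owner-only access
        return before, check_ssl_setup(conf)

if __name__ == "__main__":
    print(demo())
```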