|
| As far as I've been able to figure out (IBM's docs are as clear as usual on the topic :-< ), IHS does NOT support JKS as a Keyfile type (go figure...). In order to properly set up the cert for IHS, you have to:
1. Generate a CMS keyfile (important...)
2. Stash the password (in iKeyMan, this is "Key Database File" -> Stash Password.
3. Add the following to the .conf file:
Listen 443
<VirtualHost :443>
SSLEnable
Keyfile <path to your keyfile; i.e. /opt/IBM/IHS/conf/key.kdb>
SSLStashfile <path to your password stash; i.e. /opt/IBM/IHS/conf/key.sth>
SSLServerCert <name/alias of the cert in the keyfile>
</VirtualHost>
This works...
(BTW: Thanks IBM for not answering this one. It seems to be a very common problem out there, and since you mysteriously decided NOT to use the standard mod_ssl, it IS your responsibility to correctly document the d***n thing...)
|
|