|
Home > Archive > WebSphere Edge Server > January 2004 > How to install a Digital Certificate (Verisign) on Edge Server (Reverse
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to install a Digital Certificate (Verisign) on Edge Server (Reverse
|
|
| Nick Dakoronias 2004-01-19, 3:02 pm |
| Hello Edge Server forum readers,
Does anybody knows if it is possible to install a Digital Certificate
(Verisign) on Edge Server (Reverse Proxy machine)?
According to Edge Server v.20 Administation Guide Technical Manual
-Chapter 6 : Caching Proxy Security,
it is mentioned that using iKeyman (Key management Utlity) is possible
to create keys and (self signed) certificates,
or receiving CA certificates, but on the other hand, Edge Server cannot
be configured and act as Certifcate Authority.
-Are all these above true?
-Are there any other more specific documents or links where can I find
more input and guidance?
Any advise will be much appreciated.
Thanks in Advance for your time.
Regards, Nick Dakoronias.
ITS Greece
| |
| anthony.carrigan@ntlworld.com 2004-01-19, 3:02 pm |
| Yes it's quite straightforward to import certificates into IBM Key Manager. If you do a
search on the www you'll find a few documents explaining IKEYMAN.
One thing to look out for - the WTE documentation regarding the SSLCertificate directive is incorrect - see the following reply I gave to someone
else on the EdgeServer forum:
****************************************
**********************************
The documentation is incorrect - I bet you've been looking at the EdgeServer Admin Guide -
Chapter9, 'Caching Proxy Directives' - the examples given suggest that you can use either the domain name or the IP address in the SSLCertificate
Directive.
You need to use the IP address - it won't work with the domain name.
And another thing - I found that there is a bug in some versions of Web Traffic Express in that you can't use SSL bridging to a Websphere origin
server - you get 'invalid peer' messages on the http log. In other words, if your PROXY statement uses https instead of http you'll get this
problem. This appears to be fixed in an efix dated 20th Jan 2003 - after installing the efix, problem disappeared. It only ever happened with
WAS
back-end servers anyway - curiously my IIS back-end servers worked fine with SSL bridging, right from the start
****************************************
*************************************
Tony Carrigan (Abbey National Glasgow)
tony.carrigan@anfis.co.uk
On Tue, 26 Nov 2002 16:40:34 +0200, Nick Dakoronias <dakoroni@gr.ibm.com> wrote:quote:
> Hello Edge Server forum readers,
>
> Does anybody knows if it is possible to install a Digital Certificate
> (Verisign) on Edge Server (Reverse Proxy machine)?
> According to Edge Server v.20 Administation Guide Technical Manual
> -Chapter 6 : Caching Proxy Security,
> it is mentioned that using iKeyman (Key management Utlity) is possible
> to create keys and (self signed) certificates,
> or receiving CA certificates, but on the other hand, Edge Server cannot
> be configured and act as Certifcate Authority.
>
> -Are all these above true?
> -Are there any other more specific documents or links where can I find
> more input and guidance?
>
> Any advise will be much appreciated.
>
> Thanks in Advance for your time.
>
> Regards, Nick Dakoronias.
> ITS Greece
>
>
>
|
|
|
|
|