Skip to end of metadata
Go to start of metadata

How to configure IBM HTTP Server?

Starting IBM HTTP Server on a Windows operating systems

Start the IBM HTTP Server as a Windows service as follows:

  1. Click Start > Programs > IBM HTTP Server > Start Server. A message box indicates that the server has started.
  2. To confirm that IBM HTTP Server started successfully open a browser window and type in your server URL in the address bar.
  3. If you used the developer installation option, then the IBM HTTP Server does not install as a service. You have to run the apache.exe file from a command line.
  4. If the IBM HTTP Server does not start:
    • Go to Services within Control Panel.
    • Double-click on IBM HTTP Server to start the server.
    • To confirm that IBM HTTP Server started successfully, open a browser and type in your server URL name in the address bar.

Configuring IBM HTTP Server

Locating the default and sample configuration files (httpd.conf) 

The httpd.conf configuration file in located in the conf directory of your server installation. There is also an httpd.conf.default file, if you need to use another copy of the original file. The product provides a sample configuration file called httpd.conf.sample that illustrates basic IBM module directives and advanced security options.

IBM HTTP Server also provides the admin.conf.default, magic.default, and mime.types.default configuration files. IBM HTTP Server configuration files are located in [IBM HTTP Server installation directory]\conf

Special considerations for IBM HTTP Server

The following items regarding the configuration file should be known when using IBM HTTP Server:

  1. The IBM HTTP Server and administration server configuration files, httpd.conf and admin.conf respectively, support only single-byte characters (SBCS). This restriction applies to all operating system platforms.
  2. On the Windows platform, the forward slash character (/) should be used as a path separator in the configuration file, instead of the backward slash character (\).

Configuring with Jakarta Tomcat Connector mod_jk (AJP configuration)

This module is used to transfer traffic between IBM HTTP Server and the Tomcat web server over the AJP protocol.

  1. Download mod_jk-apache-2.0.29.so from Apache web site http://apache.tradebit.com/pub/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.25/ rename mod_jk-apache-2.0.29.so file to mod_jk.so and copy this file to modules folder under IBM HTTP Server Install directory <IBM HTTP Server installation directory>\modules.
  2. Make a copy of <IBM HTTP Server installation directory>\conf \httpd.conf and rename it to httpd.conf.org
  3. Open <IBM HTTP Server installation directory>\conf\httpd.conf in an editor and add following lines as below: 

    Excerpt from httpd.conf
  4. Save and close httpd.conf file.

The following table explains the above contents:

No.Variable NameValueDescription
1LoadModule jk_module modules/mod_jk.so- 
2JkWorkersFileconf/workers.properties 
3JkLogLevelError 
4JkMount/adss/* tomcatworker 

 

  1. Create a new text document in conf directory <IBM HTTP Server installation directory>\conf\, rename this file to "workers.properties" and add lines as below: 

    Minimum requirements for the workers.properties
  2. Save and close the "worker.properties" file.

The following table explains the contents of "workers.properties" file:

No.Variable NameValueDescription
1worker.listtomcatworkerName of AJP worker that is also configured on Tomcat Web Server
2worker.tomcatworker.typeAjp13 
3worker.tomcatworker.hostAscertia-jts1-2Machine name where Tomcat instance is running
4worker.tomcatworker.port8780Tomcat Worker instance port
5worker.tomcatworker.connection_pool_size5Connection pool size
6worker.tomcatworker.connection_pool_timeout300Connection time out

Of course to forward requests to ADSS TSA Server it must already be installed and configured.

Restart the IBM HTTP server

To restart the IBM HTTP Server:

  • Go to Microsoft Services management console (click on Start >> Control Panel >> Administrative Tools >> Services) and browse for IBM HTTP Server 6.0

  • Right click on it and select the restart command.

  • Using IBM HTTP Server "Stop HTTP Server" console and "Start HTTP Server" console.

    • To stop IBM HTTP Server click on Start button >> Programs >> IBM HTTP Server 6.0.2 >> Stop HTTP Server

    • To start IBM HTTP Server click on Start button >> Programs >> IBM HTTP Server 6.0.2 >> Start HTTP Server

Testing IBM Httpd.conf and Jakarta Tomcat Connector Configuration

  1. Test the IBM HTTP Server configuration and connectivity by entering the following URL in your web browser:
    • http://{machine-name}:port (for the default HTTP 80 port number you are not required to enter the port in URL).
      If http.conf file is configured properly with AJP connector settings then you will be able to view web pages.
  2. Test the IBM HTTP Server request forwarding to ADSS TSA Server console service by entering the URL as below in your web browser:
    • http://{machine-name}:port/adss/console
      This page indicates that IBM HTTP Server has successfully connected to the ADSS TSA Server console services. As ADSS TSA Server console services runs over SSL with Client Authentication, you need to configure IBM HTTP Server to run over SSL.

Configuring SSL Secure Communications

This section provides information to help you set up Secure Sockets Layer (SSL), using the default httpd.conf configuration file.

Creating a CMS Key Database (follow the steps in the next section):

  • Use the IBM HTTP Server IKEYMAN utility (graphical user interface) or IKEYMAN utility (command line) to create a CMS key database file.

  • Create self signed server certificate using IBM HTTP Server IKEYMAN utility (graphical user interface).

Enable SSL directives in the IBM HTTP Server httpd.conf configuration file:

  • Uncomment the LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

  • Configuration directive.

  • Create an SSL virtual host stanza in the httpd.conf file using the following examples and directives.

Open httpd.conf file that is present at the location <IBM HTTP Server installation directory>\conf 

Excerpt from httpd.conf fot SSL communication (from client system to IBM HTTP Server and forwarding SSL certificates to ADSS TSA Server using Jakarta Tomcat connector)

 

Creating CMS Key Database

To create the CMS key database follow the steps as below:

  1. Click on Start button >> Programs >> IBM HTTP Server 6.0.2 >> Start Key Management Utility Key Management utility (graphical user interface will launched):
  2. Click on "Key Database File Menu >> select New", New Database creation Window will be opened.
    • Type the values according to the table shown below and click on OK button to continue

      CMS Database Configuration Table
      Field NameValueDescription
      Key database typeCMSDatabase Type
      File NameKey.kdbCMS database file
      Location[IBM HTTP Server installation directory]\conf in our example it is c:\Program Files\IBM HTTP Server\confLocation to store CMS database


  3. A Password Prompt window will open (This password is used to protect the CMS database).
    • Type “YourChoiceofPassword” in the Password field and provide the same password in the Confirm Password field.
    • Enable Stash the password to a file and click on OK button to continue.
  4. An information window will open; click OK button to continue.
  5. Once the database is created, the IKM window will shows the list of trusted certification authorities.
  6. The ADSS Default Admin user certificate is issued by a "Test Temporary Root CA" that is not included in this list of trusted CAs, so to add this temporary CA in the Trusted CA database click on the "Add" button; the "Add CA's Certificate from a File" window will be open, now perform the steps in the table below:

    Field NameValueDescription
    Data typeBinary DER dataCertificate Data type / format
    File Nameca.crt or ca.cerCA certificate file, click on "Browse" button to locate CA certificate file
    Location[IBM HTTP Server installation directory]\confLocation where CA.crt file present.

     

  7. Enter the label "Temporary Root CA" for this CA certificate to identify this CA certificate and click on the "OK" button.
  8. The "Temporary Root CA" certificate will now be listed in Trusted CA's CMS database.

Creating an SSL Server Certificate

To create an SSL Server Certificate follow the steps shown below:

  1. In the IBM Key Management utility click "Create" menu >> "New Self-Signed Certificate". The "Create new Self-Signed certificate" window will open:

Type the values according to table below:

Field Name

Value

Description

Key Label

SSL Server Certificate

Label to identify this SSL Server certificate in CMS database

Version

X509 V3

SSL Server certificate specification version

Key Size

1024

You can choose this key size according to your own corporate security policy

Common Name

www.yourcompany.com

Type server's fully qualified domain name

Organization

Ascertia

Type your company name here

Organization Unit (Optional)

Your organizational unit

Type organization unit managing your servers/ online services

Locality (Optional)

Your Locality

 

State/Province (Optional)

Your State/Province

 

Zip Code (Optional)

Your Zip code

 

Country or Region

Your Country

 

Validity Period

365 Days

Life time of this SSL server certificate.

To create this certificate click on the OK button, you can see this new certificate in the CMS database:

Close the IBM Key Management utility.

Restart the IBM HTTP Server so that it loads the new configurations made in httpd.conf.

The IBM HTTP Server can be restarted like this:

  • Microsoft Services management console (click on Start >> Control Panel >> Administrative Tools >> Services, and browse for IBM HTTP Server 6.0, right click on it and select restart command).

  • Using IBM HTTP Server "Stop HTTP Server" console and "Start HTTP Server" console.

    • To stop IBM HTTP Server click on Start button >> Programs >> IBM HTTP Server 6.0.2 >> Stop HTTP Server.

    • To start IBM HTTP Server click on Start button >> Programs >> IBM HTTP Server 6.0.2 >> Start HTTP Server.

Testing IBM Httpd.conf and Jakarta Tomcat Connector Configuration

  1. To test the IBM HTTP Server configuration and connectivity over SSL, enter the URL as below in your web browser:
    • https://{machine-name}:port (uses default HTTPS 443 port).
      If the http.conf file is configured properly with AJP connector settings then you will be able to view the web pages.
  2. Test the IBM HTTP Server request forwarding to ADSS TSA Server console service by entering this URL in your web browser:
Icon

Only ADSS TSA Server Administrators are able to communicate with ADSS TSA Server console, and you must import a valid SSL certificate or the ADSS Default Admin certificate in the personal key store of your web browser.

 

 

  • No labels