It sounds like you've done all you need to for basic IHS SSL functionality. As long as api.client.com matches the name you gave the certificate via ikeyman, and you have the KeyFile directive, you should be OK. There are a lot of other options you can add for optimization and browser compatibility, but I don't think leaving any of those out would break it outright. Here's my working IHS config from the development server on my Windows workstation for comparison:
<VirtualHost *:443> SSLEnable SSLProtocolDisable SSLv2 SSLServerCert is12.momtex.com <Directory "c:/IBM/HTTPServer/htdocs/html"> Options +Includes AddType text/html .shtml AddOutputFilter INCLUDES .shtml </Directory> </VirtualHost> KeyFile "C:/IBM/HTTPServer/key.kdb" SSLDisable -John -----Original Message----- From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Kevin King Sent: Saturday, February 16, 2013 4:02 PM To: U2 Users List Subject: [U2] AIX 5.3 IBMIHS Web Server Might anyone have any tips or tricks for getting SSL to work on the IBMIHS/Apache 2.0.47 web server on an AIX 5.3 box? The documentation I've found on the web is byzantine at best and it would be fine if the commands actually worked, but I keep getting odd error messages and stalled at every turn. I've upgrade the GSK so that the server will start with SSL enabled, I have a virtual host configured, but I have no clue how to tie a specific certificate to the VirtualHost. Well, let's say I have clues, but nothing is working. Here's the <VirtualHost> stanza I have set up in httpd.conf: <VirtualHost *:443> SSLEnable SSLClientAuth None SSLServerCert api.client.com ServerName api.client.com DocumentRoot /usr/www <Directory "/usr/www"> Order Allow,Deny Allow From All </Directory> ErrorLog logs/api_error.log CustomLog logs/api_error.log common </VirtualHost> I've been able to generate a CSR and create a self-signed certificate, and it would appear that I've even successfully imported that certificate into my key database, as demonstrated by this command: $ gsk7cmd -cert -details -db /usr/IBMIHS/ssl/client.kdb -label " api.client.com" -pw "password" ...which produces the following output... Label: api.client.com Key Size: 512 Version: X509 V1 Serial Number: 00 DB 00 41 9A 19 77 7E 9F Issued By: api.client.com CLIENT City, ST, US Subject: api.client.com CLIENT City, ST, US Valid From: Saturday, February 16, 2013 6:06:08 PM EST To: Saturday, April 17, 2032 7:06:08 PM EDT Fingerprint: ... Signature Algorithm: 1.2.840.113549.1.1.5 Trust Status: enabled But even though this certificate is in the keyfile (and yes, I have a KeyFile directive elsewhere in the httpd.conf file pointing to the client.kdb file) I can't seem to associate it to the virtual host. What am I missing? (And yes, I'm aware this is not specifically a U2 question but I need this to provide web connectivity to a Unidata machine from a Rackspace hosted server. So in a way... it sorta is U2 related.) Help? _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users