TechSupportEval/examples/2.json at main · NetManAIOps/TechSupportEval · GitHub

1
2
3
4
5
{
    "question": "How to configure SSL mutual authentication in IBM HTTP Server?\nWe are running IHS v7 and our application team has a specific webservice that they require SSL mutual authentication to be enabled for at the http server. Does anyone know how to set this up on IHS? Or any documentation?\n\nThanks",
    "ground_truth": "1. Confirm that the **Global Security Kit (GSKit)** is installed and meets the minimum requirements\n   \n2. Create a key database file and certificates needed to authenticate the Web server during an SSL handshake\n   \n3. Enable **SSL directives** within the IBM HTTP Server configuration file (httpd.conf)\n   \n4. Information that IBM WebSphere® Support needs to debug SSL configuration and certificate issues related to the IBM HTTP Server\n   ",
    "answer": "To configure SSL mutual authentication in IBM HTTP Server (IHS) v7, follow these steps:\n\n1. **Install Global Security Kit (GSKit)**: Ensure that GSKit is installed and meets the minimum requirements.\n\n2. **Create Key Database**: Create a key database file (KDB) and generate the necessary certificates for both the server and client authentication.\n\n3. **Edit Configuration File**:\n   - Open the `httpd.conf` file for your IHS installation.\n   - Ensure the SSL module is loaded by confirming the following line is uncommented:\n     ```\n     LoadModule ibm_ssl_module modules/mod_ibm_ssl.so\n     ```\n\n4. **Set Up SSL VirtualHost**:\n   - Add a `<VirtualHost>` block for SSL configuration. Here’s an example:\n     ```apache\n     <VirtualHost *:443>\n         SSLEnable\n         SSLDisable\n         KeyFile \"c:/program files/ibm http server/key.kdb\"\n         SSLServerCert \"your_server_cert\"\n         SSLClientAuth on\n         SSLVerifyClient require\n         SSLVerifyDepth 2\n         # Additional SSL settings as needed\n     </VirtualHost>\n     ```\n\n5. **Client Certificate Configuration**: Ensure that the client certificates are properly configured and trusted by the server.\n\n6. **Restart IHS**: After making these changes, restart the IBM HTTP Server to apply the new configuration.\n\nFor detailed documentation, refer to the IBM Knowledge Center for your specific version of IHS, as it may contain additional configuration options and troubleshooting tips."
}