Installation – IBM HTTP Websphere Server

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact either the vendor of your software or an organization that supports it.

Step 1: Install CA Certificate

Secure Site
If you are installing a Secure Site Certificate, you need to first install the Secure Site Intermediate CA Certificate.

Secure Site Pro
If you are installing a Secure Site Pro Certificate, you need to first install the Secure Site Pro Intermediate CA Certificate.

1. Copy the intermediate certificate into a text file and name it “intermediate.crt”. You can place this file in the same directory as your SSL Certificate.

For example: /usr/local/ssl/crt

Step 2: Install the SSL Certificate

VeriSign will email you your certificate. If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file. If necessary, move the file to the server machine.

1. To follow the naming convention for IBM HTTP Server 1.3, rename the certificate filename with the .crt extension. For example: cert.crt

2. Copy your Certificate into the directory that you will be using to hold your certificates. For example: /usr/local/ssl/crt/.

Step 3: Configure the Server

1. In order to use the key pair, you will need to update the httpd.conf file.

2. Add the following SSL directives in the Virtual Host settings for your site, in the httpd.conf file:

SSLCertificateFile /usr/local/ssl/crt/cert.crt

SSLCertificateKeyFile /usr/local/ssl/private/verisign.key

SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt

The first directive tells the IBM HTTP Server how to find the Certificate File, the second one where the private key is located, and the third line the location of the intermediate certificate.

If you are using a different location or certificate file name than the example above (which most likely you are) you will need to change the path and/or filenames.

Save your httpd.conf file and restart the IBM HTTP Server. You can most likely do so by using the apachectl script:

apachectl stop

apachectl startssl

You should now be set to start using your VeriSign certificate with your IBM HTTP Server.