Re: SSL & CGIDEV2...

[Alfredo Delgado <adelgado@xxxxxxxxxxxxxxxxx>]

Shane, due to the way the SSL handshake occurs, you can only have one 
SSL certificate per IP. I've seen some multiple-domain certificates for 
sale but I can't justify their cost so I don't have first person 
knowledge of them.

You'll have to create a New Certificate Store in the Digital Certificate 
Manager (DCM) then create a CSR that you will provide the Certificate 
Authority from whom you'll purchase the SSL certificate from. Once you 
have the certificate you enter it into the DCM -- it must match the CSR 
or you're out the money. You then assign it to the application -- your 
apache instance -- in the DCM .

I went with secure.companyname.com for the name on the certificate and 
it's pointed to the root of the apache instance so I can point to 
https://secure.companyname.com/ourwebsite/index.php or 
https://secure.companyname.com/publicwebservices/foo.php

Relevant conf directives are:

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen *:443
SetEnv HTTPS_PORT 443

<VirtualHost *:443>
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_apacheinstance
</VirtualHost>

This is a quick stream of thought recap so some details may be off or 
missing so YMMV.
*
*Thanks,
Alfred

Shane_Cessna@xxxxxxx wrote:
> Has anyone successfully implemented SSL on apache?  If so, can you send a 
> sample config file with multiple LocationMatch directives?  Is there a lot 
> of new configuration that has to be done in order to move from a non-SSL 
> environment to an SSL environment?
>
> I have an apache server listening on port 80 for requests to pass to my 
> CGIDEV2 programs.  I'd like to be able to enable this without a ton of 
> work...
>
> Shane Cessna
> Senior iSeries Programmer
> North American Lighting, Inc.
> 217.465.6600 x7776 
>