DX Application Performance Management

  • Private Community

  • 1.  IBM HTTP Server PEM key for CEM SSL

    Posted Jan 29, 2015 06:57 PM

    I am trying to set up an SSL PEM key for IBM IHS server 7.0 and thinking it was an Apache based server I could use the directions for "Save an Apache or OpenSSL-based Web Servers Private Key" in the manual. First of all I found that  the paths as were not the same. I finally found the httpd.conf in /usr/HTTPServer70/conf. In the httpd.conf instead of "SSLCertificateKeyFile=/etc/httpd/conf/ssl.key/server.key" I found "KeyFile "/usr/HTTPServer70/conf/key.kdb"

     

    However, if I copy and rename it to output.pem as described and load it into the CEM SSL I get an error page that indicates that " is not a valid xml character.

     

    Am i on the right path to get the key and is there anything I need to do to convert the kbd to pem format?

     

    Thanx

     

    Steve



  • 2.  Re: IBM HTTP Server PEM key for CEM SSL

    Posted Jan 29, 2015 07:31 PM

    Hi Steve,

    Process outlined above won't work.

    You can use the IBM Utility ikeyman to export key in pkcs12 format as outlined in below link:

    http://www-01.ibm.com/software/webservers/httpservers/doc/v1312/ibm/9atikeyu.htm#HDRKMUEXPG

     

    and then use openssl to convert it into pem format for e.g

    openssl pkcs12 –in filename.pkcs12 –nocerts –out output.pem

     

    Hope it helps.

    Regards,

    Kulbir Nijjer

    CA Support.



  • 3.  Re: IBM HTTP Server PEM key for CEM SSL

    Posted Jan 30, 2015 11:19 AM

    Hi Steve,

     

    We'd greatly appreciate it if you could add a comment on our online wiki: https://wiki.ca.com/display/APMDEVOPS97/Import+and+Manage+SSL+Private+Keys#ImportandManageSSLPrivateKeys-SaveanApacheorOpenSSL-basedWebServersPrivateKey

    for any documentation corrections. Thanks.

     

    Regards,

    James.