Lets encrypt certificate support on IHS (IBM HTTP Server)

Hello,

We have been told to start explore and use Lets encrypt certificate for our corporate brochure websites. Will Lets encrypt cert works and supports on IBM HTTP servers installed on Linux box? Are there any risks associated with it?

Regards,
Sreeni.

Hi @sreenu545

start with some basics:

Then select a client.

It's always the same. If your configuration is buggy, that's a risk. But your configuration is unknown.

2 Likes

It’s not likely that you’re going to find turnkey solutions to issue and install Let’s Encrypt certificates on IHS.

Two reasons:

  • Although it is based on Apache httpd, it uses a bespoke SSL module (https://publib.boulder.ibm.com/httpserv/manual24/mod/mod_ibm_ssl.html) which does not use the standard PEM-based SSLCertificateFile/SSLCertificateKeyFile installation method, and instead relies on a kdb keystore (which is specific to IBM Certificate Management Service).
  • The most common ACME clients might not be available for your operating system or CPU architecture.

You can probably hook this up by using compatible ACME client that supports webroot mode + a custom hook script to perform the keystore installation and server reload. But it would require some research and effort on your behalf to do both tasks.

The certificates themselves are agnostic to your OS and webserver - you could just manually import them after all - it’s just the automated tooling around it that might be a challenge.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.