Enable Secure Sockets Layer on an External Web Server

Note: PPM does not enable SSL by default, for enabling it requires other user information. However, we recommend that you enable it, especially in production environment, to make sure data being transmitted is encrypted. The use of SSL protects sensitive information from the risk of eavesdropping, data tampering, or message forgery in the process of transmitting.

  1. Generate a certificate signing request (CSR) for the server on which you plan to install the SSL certificate.

    To do this, use the software that your external Web server provides. If you do not know what software your server uses, contact the Web server vendor for that information.

  2. Submit the CSR to a certificate authority (such as VeriSign).

    Note: It may take several days for the certificate authority to validate the company.

    It is not recommended to use self-signed certificates in production environments as they may negate the benefits of end-to-end security by decreasing the ability of a user to detect a man-in-the-middle (MITM) attack.

  3. After you obtain the SSL certificate, install it on your Web server.

  4. Contact your Web server administrator or Web server vendor to help you enable SSL on the Web server.

  5. If your external Web server or hardware load balancer uses SSL, open the server.conf file and change the server configuration parameter BASE_URL to https://<Web_Server><Web_Server_Port_or_Binding_Port>.

    Note: By default, the HTTPS typically runs on port 443 on the Web server. If you use a port other than 443, you must specify the port number in the BASE_URL (https://<Web_Server>:<Web_Server_Port>).

  6. Restart the Web server.

Note: If you enable SSL on IBM HTTP Web Server, the "JKMountCopy On" virtual host directive must be included in the httpd.conf file. For more information, see Configure IBM HTTP Server Versions 6.1 and 7.0.