

Install a certificate on IBM HTTP

To use a certificate with IBM HTTP, you will need to create a key database using the gskcmd tool.

This documentation explains how to install a certificate to a database that already contains the corresponding key. To import a certificate with its key, please read the specific documentation.

Using gskcmd

The first step is to locate the gskcmd binaries. By default, they are located in the bin directory of the install directory. Binaries are called gskcmd.bat on Windows, and gskcmd on other platforms.

You can also use gskcapicmd for some operations. This tool's purpose is to handle cryptographic devices, such as PKCS#11. It is stored in the same directory. Binaries are named gskcapicmd.bat on Windows, and gskcapicmd on other platforms.

Adding authorities to the database

First, you will need to add authority certificates to your key database and enable their trust. The official documentation does not specify whether the root certificate is necessary. For the time being, we recommend adding it, until additional information is available. You need to add them in reverse order:

  • Root Certificate
  • Intermediate 2
  • Intermediate 1
  • (Your certificate)

How to add an authority:

install_dir/bin/gskcmd -cert -add -db yourDatabase.kdb -stashed -stash yourDatabase.sth -label Intermediate1 -format ascii -trust enable -file intermediate1.crt

Installing the certificate in the database

You can now import your certificate in the database:

install_dir/bin/gskcmd -cert -receive -file yourCertificate.cer -db yourDatabase.kdb -stashed -stash yourDatabase.sth -format ascii -label yourLabel -default_cert yes

You can now use your certificate.

Configure IBM HTTP to use the certificate

First, enable the SSL module in the httpd.conf configuration file:

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Then, make sure your virtual host is configured to use SSL, uses secure parameters, and references your database:

  Listen 443

  <VirtualHost *:443>
    SSLEnable
    SSLClientAuth None

    SSLProtocolDisable SSLv2
    SSLProtocolDisable SSLv3
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); keep them enabled only if
    # legacy clients require them.
    SSLProtocolEnable TLSv10
    SSLProtocolEnable TLSv11
    SSLProtocolEnable TLSv12

    # One directive: each trailing backslash continues it on the next line.
    SSLCipherSpec -SSL_RSA_WITH_DES_CBC_SHA -SSL_RSA_EXPORT_WITH_RC4_40_MD5 \
    -SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 -TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA \
    -TLS_RSA_EXPORT1024_WITH_RC4_56_SHA -SSL_RSA_WITH_NULL_SHA \
    -SSL_RSA_WITH_NULL_MD5 -TLS_RSA_WITH_NULL_SHA256 -SSL_NULL_WITH_NULL_NULL \
    -SSL_DES_192_EDE3_CBC_WITH_MD5 -SSL_RC4_128_WITH_MD5 \
    -SSL_RC2_CBC_128_CBC_WITH_MD5 -SSL_DES_64_CBC_WITH_MD5 \
    -SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 -SSL_RC4_128_EXPORT40_WITH_MD5 \
    -SSL_RSA_FIPS_WITH_DES_CBC_SHA -SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

    # Label given to gskcmd -cert -receive, and the key database it was stored in.
    SSLServerCert yourLabel
    KeyFile "c:/path/to/yourDatabase.kdb"
  </VirtualHost>

  SSLDisable

You can now restart your HTTP server to use your certificate.
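
The following Python code is an added example, not part of the original documentation or of IBM's tooling: it parses an httpd.conf excerpt and checks each virtual host against the settings recommended above (SSL enabled, SSLv2 and SSLv3 disabled, key database and certificate label set). The sample configuration is constructed, the function names are hypothetical, and reporting TLSv10/TLSv11 as deprecated (RFC 8996) is a check added here.

```python
import re

# Constructed sample: a virtual host that forgets to disable SSLv3.
SAMPLE = r'''
<VirtualHost *:443>
  SSLEnable
  SSLProtocolDisable SSLv2
  SSLProtocolEnable TLSv10
  SSLCipherSpec -SSL_RSA_WITH_NULL_SHA \
    -SSL_RSA_WITH_NULL_MD5
  SSLServerCert yourLabel
  KeyFile "c:/path/to/yourDatabase.kdb"
</VirtualHost>
'''

def vhost_directives(conf):
    """Return {vhost: [(directive, [args])]} for each <VirtualHost> block."""
    conf = re.sub(r"\\\r?\n", " ", conf)  # join backslash-continued lines
    hosts, current = {}, None
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = hosts.setdefault(m.group(1).strip(), [])
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, *args = line.replace('"', "").split()
            current.append((name, args))
    return hosts

def audit(conf, label):
    """Check each vhost against the settings recommended on this page."""
    findings = []
    for host, dirs in vhost_directives(conf).items():
        names = {n.lower() for n, _ in dirs}
        def args(d):
            return {a for n, v in dirs if n.lower() == d for a in v}
        for needed in ("sslenable", "keyfile", "sslservercert"):
            if needed not in names:
                findings.append(f"{host}: missing {needed}")
        for old in sorted({"SSLv2", "SSLv3"} - args("sslprotocoldisable")):
            findings.append(f"{host}: {old} not disabled")
        for old in sorted({"TLSv10", "TLSv11"} & args("sslprotocolenable")):
            findings.append(f"{host}: deprecated {old} enabled (RFC 8996)")
        if "sslservercert" in names and label not in args("sslservercert"):
            findings.append(f"{host}: SSLServerCert is not {label}")
    return findings
```

Call audit() with the text of your httpd.conf and the label you passed to gskcmd -cert -receive; an empty list means every check passed.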
