Saturday 14 October 2017

Steps to Configure IHS (IBM HTTP Server ) with WAS 8.5.X.X

Step 1: Create Web server  :

Step 2: Generate and  propagate plug ins via console :

Step 3: Configure IHS (httpd.conf ) for Port 80 :

Step 4: Create New Self - Sign Certificates using ikeyman :

Step 5: Configure IHS (httpd.conf ) for Port 443 and install certificates. :

Refrence Doc :

Thanks..:-) !

Thursday 7 September 2017

How to create CSR using openssl with SAN details. / How to create SAN certificate using openssl.

SAN stands for Subject Alternative Name certificates and allows you to secure multiple domain names with a single SSL certificate.
SAN is used where a single server can access with multiple domain address.

Step 1: Make sure that you have openssl rpm installed in unix machine.

Command  >>  rpm -qa | grep openssl

Screenshot 1:

Step 2: If you does not have openssl tool.

Command >>   yum  install  openssl

Screenshot 2:

Since i already installed the latest version its showing nothing to do.

Step 3: Create a directory open_ssl

Command >>    mkdir   open_ssl

Screenshot 3:

Step 4: Make one file newsan.cnf and paste below commands and save.

Command >>  vi   newsan.cnf


default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
countryName = IN
stateOrProvinceName = MAHA
organizationName = MiddlewareBox
commonName =
subjectAltName = @alt_names
DNS.1 =
DNS.2 =


Screenshot 4:

Step 5: Use below openssl command.

Command  >>   openssl req   -new -out opensslSan.csr -newkey rsa:2048 -nodes -keyout private.key -config newsan.cnf

Screenshot 5:

Step 6: Open the created xxxxx.csr

Command >>  cat  opensslSan.csr




Screenshot 6:

Step 7: Copy the above cerificate content and paste on CSR decoder website

CSR decoder link : Https://

Screenshot 7-1:

Screenshot 7-2:

Step 8: Reading a CSR to determine what information it contains.

Command >>   openssl req -text -noout -in <filename for csr>

Screenshot 8:

Reference link :

Reference link :

Reference link : Most-common-openssl-commands.html

Reference link :

Thanks :-)

Saturday 2 September 2017

How to Monitor IBM HTTP Server connections. & Get Apache Server info.

For unix user.

Step 1: Locate to /conf folder of IHS (IBM HTTP SERVER).

Screenshot 1:

Step 2: Edit the httpd.conf file.

Command >>  vi   httpd.conf

Step 3: Uncomment the module line

LoadModule status_module modules/

Screenshot 2:

Step 4: Uncomment the server-status location section and change the "allow from" to the localhost client ipaddress or domain

Screenshot 3:

Step 5: Go to the browser and check server-status.

Open URL : http://domain-name/server-status

Screenshot 4:

Step 6: For server info edit httpd.conf file  and uncoment module line

LoadModule info_module modules/

Screenshot :5

Step 7: Uncomment the server-info location section and change the "allow from" to the localhost client ipaddress or domain

Screenshot 6:

Step 8: Go to the browser and check Apache server-info

open URL : http://domain-name/server-info

Screenshot : 7

Reference Link :

Reference Link :

Thanks :-)

Tuesday 29 August 2017

How to configure SSL on JBOSS EAP 6.4 with SAN certificate.

Step 1: Locate to JBOSS /configuration folder.

Screenshot 1:

Step 2: open standalone.xml file.  NOTE : Always take backup before doing any config. changes.

Command >> vi  standalone.xml 

Step 3: Add below parameters for ssl configuration below connector http.


<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

<ssl key-alias="ssl" password="142536" certificate-key-file="/JBOSS/JBOSS1/jboss-eap-6.4/standalone/configuration/keystore.jks" verify-client="false" />

key-alias >> alias name of keystore.
certificate-key-file >> Pathname of the keystore file where you have stored the server certificate to be loaded.
password >> Password of a file.
verify-client >> Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. (default is false).

Screenshot 3-1:

Screenshot 3-2:

Step 4 : Locate jboss /bin folder and start the jboss.

  I have made a script and bind my machine IP address.

Screenshot 4-1:

Screenshot 4-2:

Step 5: Check the application on port 8443 with IP (Default port is 8443).

Screenshot 5 :

Step 6: Check the application on port 8443 with CN (CommanName) and SAN (Subject Alternative Name) DNS in certificate.

Before this make entries in hosts file of machine.

Command >> vi    /etc/hosts

Screenshot 6-1:

Step 7 : Check the application using Common Name (CN).

Screenshot 7-1:

Check the application using SAN-DNS.

Screenshot 7-2:

Screenshot 7-3:

Step 8 : To hide port 8443 , change the Port  from 8443  to  443  in standalone.xml  and restart the jboss.

Screenshot 8-1 :

Step 9: Check the application using Common Name (CN).

Screenshot 9 :

Refrence link :
Refrence link :
Refrence link :

Link to create self-signed  certificate

Thanks :-)

How to create Self-signed certificate and CSR using java keytool with SAN details. OR How to create SAN certificate with java keytool.

SAN stands for Subject Alternative Name certificates and allows you to secure multiple domain names with a single SSL certificate.

SAN is used where a single server can access with multiple domain address.

SAN : Through san you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate.

Step 1: Make sure you have installed java in our machine.

Command >> java -version

Screenshot 1:

Step 2: Find installed java location.

Command >>  find  / -name java

Screenshot 2:

Step 3: Locate to /bin folder of java.

Screenshot 3:

Step 4: Use below command to generate java keystore and self-signed certificate.

Command >>  ./keytool -genkey -alias ssl -keyalg RSA -keystore keystore.jks -keysize 2048 -ext,

Where,  keytool >> Java Keytool is a key and certificate management utility.
       -genkey  >> Generate SSL certificates and certificate requests
  -alias   >> Name given to the certifiacte.
  -keyalg  >> Algorithm to be used in certificate.
  -keystore >> SSL cert to be store in file.
  -keysize  >> RSA key size 2048 ( Certificate authorities will not sign csrs less than 2048 bits in size so you should generate your csr to be 2048 bits. )
  -ext      >> Extension attribute to provide dns and email details its optional to the certificate .

Screenshot 4:

Step 5: Use below command into keytool to create a CSR using existng keystore.jks.

Command >>  ./keytool -certreq -alias ssl -keystore keystore.jks -file MiddBox.csr -ext,

       -certreq  >> Generates a certificate request
       -file     >> CSR to be store in file.

Screenshot 5:


Step 6: Check which certificates are in a Java keystore available.

Commmand >> ./keytool -list -v -keystore keystore.jks

Screenshot 6:

Step 7: Check generated CSR using online CSE decoder website .

Command >>  cat MiddBox.csr

Output :




Copy above encrypted code and paste into

Screenshot 7-1:

Screenshot 7-2:

Screenshot 7-3:

Reference link :
Reference link :
Reference link :
Reference link :

Thanks :-)

Monday 21 August 2017

How to Install Apache HTTP Server 2.4.27 Latest Version on LINUX machine

Step 1: make one directory APACHEWEB [in my case].

Command >> mkdir APACHEWEB

Step 2: Locate to APACHEWEB directory use below command to downlaod Apache HTTP Server 2.4.27.

Command >> wget

Screenshot 2-1 :


Download from this link

Screenshot 2-2:

Step 3 : Change the permission to this directory

Command >> chmod -R 755 /APACHEWEB

Screenshot 3:

Step 4: Following requirements you need to be complete.

Refrence link :

Screenshot 4:

Step 5: Extract this httpd-2.4.27.tar.gz

Command >> tar -xvzf httpd-2.4.27.tar.gz

Screenshot 5:

Step 6: locate to /APACHEWEB/httpd-2.4.27/srclib  , since no pre-libraries are there ,so we have to downlaod libraries.

Screenshot 6:

Step 7: Let's complete this requirements execute below commands on lcation /APACHEWEB/httpd-2.4.27/srclib directory :

      7-1 : Download  Apache Portable Runtime (APR) and Apache Portable Runtime (APR-Util) Utility 1.6.0 :

  Command for APR >> wget


  Download Link :

  Screenshot 7-1:

  7-2: Download Apache Portable Runtime (APR-Util) Utility 1.6.0 :

  Command >> wget


  Download Link :

  Screenshot 7-2:

Step 8 : Extract this APR and APR Util.

8-1: Extract  apr-1.6.2.tar.gz

Command >>  tar -xvzf apr-1.6.2.tar.gz

Screenshot 8-1:

8-2: Extract apr-util-1.6.0.tar.gz

Command >>  tar -xvzf apr-util-1.6.0.tar.gz

Screenshot 8-2:

Step 9: Rename  apr-util-1.6.0 and apr-1.6.2 version info.

Command >> mv apr-util-1.6.0   apr-util

Command >>  mv  apr-1.6.2    apr

IMP NOTE : After rename please move "apr-util"  & "apr" to "/APACHEWEB/httpd-2.4.27/srclib"

Screenshot 9:

Step 10 : Also make sure this rpm are intsalled on LINUX machine before installation.

Command >>  yum install pcre-devel

 Screenshot 10-1:

Command >>  yum install openssl-devel

 Screenshot 10-2:

Command >>  yum install expat-devel

 Screenshot 10-3:

Command >>  yum install gcc 

 Screenshot 10-4:

Step 11 : Once again change the permission.

Command >>  chmod -R 755 /APACHEWEB

Step 12: locate  to /APACHEWEB/httpd-2.4.27 and use below commands.

Command >>  ./configure --with-included-apr   --prefix=/APACHEWEB/HTTPDWEB2.4 --enable-ssl --enable-so


--with-included-apr=Apache Portable Runtime (APR) and Apache Portable Runtime libraries on location srclib
–prefix=Provide location where you need to install apache ,  /APACHEWEB/HTTPDWEB2.4 in my case
–enable-ssl this will compile apache with SSL enabled so can secure apache web server with SSL cert.

others sonfiguration options :-
"./configure" \
"--enable-so" \
"--enable-proxy" \
"--enable-proxy-http" \
"--enable-proxy-balancer" \
"--enable-rewrite" \
"--enable-proxy-ajp" \

 Screenshot :

Step 13 : on same location /APACHEWEB/httpd-2.4.27 use  below commands.

Command >> make 

Screenshot 13:

Step 14 :  on same location /APACHEWEB/httpd-2.4.27 use  below commands.

Command >> make install

Screenshot 14 :

Step 15 : locate to /APACHEWEB/HTTPDWEB2.4  where  new installation of   httpd server  has done. [--prefix=/APACHEWEB/HTTPDWEB2.4 ]

Screenshot 15:

Step 16: locate to bin directory of installed httpd server 2.4  and start the server .

Command >> ./apachectl  -k start

Screenshot 16:

Step 17: Now, check through browser.

Screenshot 17 :

Step 18 : For  Reference doc use below link


Thanks..! :-)