I am trying to set up an SSL PEM key for IBM IHS server 7.0 and thinking it was an Apache based server I could use the directions for "Save an Apache or OpenSSL-based Web Servers Private Key" in the manual. First of all I found that the paths as were not the same. I finally found the httpd.conf in /usr/HTTPServer70/conf. In the httpd.conf instead of "SSLCertificateKeyFile=/etc/httpd/conf/ssl.key/server.key" I found "KeyFile "/usr/HTTPServer70/conf/key.kdb"
However, if I copy and rename it to output.pem as described and load it into the CEM SSL I get an error page that indicates that " is not a valid xml character.
Am i on the right path to get the key and is there anything I need to do to convert the kbd to pem format?
Process outlined above won't work.
You can use the IBM Utility ikeyman to export key in pkcs12 format as outlined in below link:
and then use openssl to convert it into pem format for e.g
openssl pkcs12 –in filename.pkcs12 –nocerts –out output.pem
Hope it helps.
We'd greatly appreciate it if you could add a comment on our online wiki: https://wiki.ca.com/display/APMDEVOPS97/Import+and+Manage+SSL+Private+Keys#ImportandManageSSLPrivateKeys-SaveanApacheorOpenSSL-basedWebServersPrivateKey
for any documentation corrections. Thanks.