DX Application Performance Management

Expand all | Collapse all

IBM HTTP Server PEM key for CEM SSL

  • 1.  IBM HTTP Server PEM key for CEM SSL

    Posted 01-29-2015 06:57 PM

    I am trying to set up an SSL PEM key for IBM IHS server 7.0 and thinking it was an Apache based server I could use the directions for "Save an Apache or OpenSSL-based Web Servers Private Key" in the manual. First of all I found that  the paths as were not the same. I finally found the httpd.conf in /usr/HTTPServer70/conf. In the httpd.conf instead of "SSLCertificateKeyFile=/etc/httpd/conf/ssl.key/server.key" I found "KeyFile "/usr/HTTPServer70/conf/key.kdb"


    However, if I copy and rename it to output.pem as described and load it into the CEM SSL I get an error page that indicates that " is not a valid xml character.


    Am i on the right path to get the key and is there anything I need to do to convert the kbd to pem format?





  • 2.  Re: IBM HTTP Server PEM key for CEM SSL

    Posted 01-29-2015 07:31 PM

    Hi Steve,

    Process outlined above won't work.

    You can use the IBM Utility ikeyman to export key in pkcs12 format as outlined in below link:



    and then use openssl to convert it into pem format for e.g

    openssl pkcs12 –in filename.pkcs12 –nocerts –out output.pem


    Hope it helps.


    Kulbir Nijjer

    CA Support.

  • 3.  Re: IBM HTTP Server PEM key for CEM SSL

    Posted 01-30-2015 11:19 AM

    Hi Steve,


    We'd greatly appreciate it if you could add a comment on our online wiki: https://wiki.ca.com/display/APMDEVOPS97/Import+and+Manage+SSL+Private+Keys#ImportandManageSSLPrivateKeys-SaveanApacheorOpenSSL-basedWebServersPrivateKey

    for any documentation corrections. Thanks.