Configuring the IBM HTTP server to reside on the same computer as the Domino HTTP server

The IBM HTTP server configuration file that is used to start the IBM HTTP server is named domino.conf and is located in the Domino Program directory under the ihs\conf subdirectory. The installation does not assume any port configuration.

About this task

By default all listen ports are disabled in the domino.conf file. You must enable any listen ports you want the server to use.

Procedure

  1. To allow the IBM HTTP Server to accept HTTP connections, enable normal HTTP port 80, and remove the comment character (#) for the following line(s) in the domino.conf file:
    # IPv4 support:
    #Listen 0.0.0.0:80
    # Uncomment the following line for IPv6 support on Windows XP or Windows
    # 2003 or later. Windows IPv6 networking must be configured first.
    # Listen [::]:80
    This example section shows port 80 enabled for IPv4.
    # IPv4 support:
    Listen 0.0.0.0:80
    # Uncomment the following line for IPv6 support on Windows XP or Windows
    # 2003 or later. Windows IPv6 networking must be configured first.
    # Listen [::]:80
  2. To allow the IBM HTTP Server to accept HTTP SSL connections, enable the SSL/TLS port 443, and remove the comment character (#) for the following line(s) in the domino.conf file:
    # To enable ssl, uncomment and add/change the
    # appropriate directives
    #Listen 0.0.0.0:443
    ## IPv6 support:
    #Listen [::]:443
    #<VirtualHost *:443>
    #SSLEnable
    #SSLClientAuth optional
    #SSLProtocolDisable SSLv2
    #SSLProtocolDisable SSLv3
    #</VirtualHost>
    #KeyFile domino_program_directory/ihs/ihsserverkey.kdb
    #SSLDisable
    This example section shows port 443 enabled for IPv4 with an SSL keyring file located on d:/keys/myserver.kdb.
    Listen 0.0.0.0:443
    ## IPv6 support:
    #Listen [::]:443
    <VirtualHost *:443>
    SSLEnable
    SSLClientAuth optional
    #SSLProtocolDisable SSLv2
    #SSLProtocolDisable SSLv3
    </VirtualHost>
    KeyFile d:/keys/myserver.kdb
    SSLDisable
    #
  3. To prepare the server to accept SSL/TLS connections, configure the SSL/TLS key database. Use the ikeyman utility provided with the IBM HTTP Server, and located in the Domino Program directory under ihs\bin, to create and configure the key database.
  4. After the key database is created, verify that the KeyFile statement points to the fully qualified file name of the key database, as in the preceding example.
    For an existing Domino server, the Domino key ring file cannot be used as a key database, and all necessary certificates that exist in the Domino key ring file must be re-imported from the originating Certificate Authorities into the IBM HTTP Server key database. See the related topic for more information on the configuration of SSL/TLS in the IBM HTTP server.