The IBM HTTP server configuration file that is used to
start the IBM HTTP server is named domino.conf and
is located in the Domino Program directory under the ihs\conf subdirectory.
The installation does not assume any port configuration.
About this task
By default all listen ports are disabled in the domino.conf file.
You must enable any listen ports you want the server to use.
Procedure
- To allow the IBM HTTP Server to accept HTTP connections,
enable normal HTTP port 80, and remove the comment character (#) for
the following line(s) in the domino.conf file:
# IPv4 support:
#Listen 0.0.0.0:80
# Uncomment the following line for IPv6 support on Windows XP or Windows
# 2003 or later. Windows IPv6 networking must be configured first.
# Listen [::]:80
This example section shows port 80 enabled for IPv4.
# IPv4 support:
Listen 0.0.0.0:80
# Uncomment the following line for IPv6 support on Windows XP or Windows
# 2003 or later. Windows IPv6 networking must be configured first.
# Listen [::]:80
- To allow the IBM HTTP Server to accept HTTP SSL connections,
enable the SSL/TLS port 443, and remove the comment character (#)
for the following line(s) in the domino.conf file:
# To enable ssl, uncomment and add/change the
# appropriate directives
#Listen 0.0.0.0:443
## IPv6 support:
#Listen [::]:443
#<VirtualHost *:443>
#SSLEnable
#SSLClientAuth optional
#SSLProtocolDisable SSLv2
#SSLProtocolDisable SSLv3
#</VirtualHost>
#KeyFile domino_program_directory/ihs/ihsserverkey.kdb
#SSLDisable
This example section shows port 443 enabled for IPv4 with
an SSL keyring file located on
d:/keys/myserver.kdb.
Listen 0.0.0.0:443
## IPv6 support:
#Listen [::]:443
<VirtualHost *:443>
SSLEnable
SSLClientAuth optional
#SSLProtocolDisable SSLv2
#SSLProtocolDisable SSLv3
</VirtualHost>
KeyFile d:/keys/myserver.kdb
SSLDisable
#
- To prepare the server to accept SSL/TLS connections, configure
the SSL/TLS key database. Use the ikeyman utility
provided with the IBM HTTP Server, and located in the Domino Program
directory under ihs\bin, to create and configure
the key database.
- After the key database is created, verify that the KeyFile
statement points to the fully qualified file name of the key database,
as in the preceding example.
For an existing Domino server,
the Domino key ring file cannot be used as a key database, and all
necessary certificates that exist in the Domino key ring file must
be re-imported from the originating Certificate Authorities into the
IBM HTTP Server key database. See the related topic for more information
on the configuration of SSL/TLS in the IBM HTTP server.