Converting to Secure Mode

Complete the following tasks to convert your Liberty IDP to SSL (secure) mode:

1. Create a signing request (based on the domain name of the server you will be running on). For information on how to do this, see Creating Certificates for Apache .

   We recommend that you have a trusted third party in place to sign the certificates. Having a well-known trusted authority will make this process easier.

   During the installation, a signing certificate was created. In addition to the signing certificate, for each provider you use, you will need a certificate for communication and a certificate for introductions. If you are not using introductions, then you only need one certificate.

2. Configure the Web server to use the certificates.

   1. Modify your Apache configuration. For examples of how to do this, see Modifying the Apache Configuration Files .

   NOTE:  If you are not signing certificates by a trusted root that is in the certificate authority's file, you will need to exchange trusted roots for the IDP and SP, then import them into their respective certificate files. (See Importing Trusted Roots for details.)

3. Change iManager from http to https:

   1. In iManager, click the Liberty Management role.

   2. Select the Manage Sites task, then select your site's link.

   3. Change the Base URL Protocol from http to https.

4. Restart Tomcat and Apache for the changes to take effect.