The PowerHA web interface is configured automatically with the following settings:
...
| Note |
|---|
We recommend you configure the PowerHA webserver for secure HTTPS traffic. This ensures all information sent over the network is encrypted. |
Various configuration options for the PowerHA Web Interface can be changed:
Starting and Ending the PowerHA Web Interface
...
| Expand |
|---|
| title | Creating the *SYSTEM certificate store |
|---|
|
ProcedureIn a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i. Log in with an IBM i profile with sufficient authority. Click on Create Certificate Store on the left-hand navigation menu On the right-hand side of the page select *SYSTEM. 
| Info |
|---|
Note: If the *SYSTEM option is not available in the list, it indicates that there is a *SYSTEM store already created on this system, and these steps have already been performed. |
5. Create a password for the *SYSTEM store and click Create. | Info |
|---|
Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts. |
ResultThe *SYSTEM certificate store is created on the node. |
...
| Expand |
|---|
| title | Creating the Local Certificate Authority |
|---|
|
ProcedureIn a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i. Log in with an IBM i profile with sufficient authority. Click on Create Certificate Store on the left-hand navigation menu. On the right-hand side of the page select Local CA. 
| Info |
|---|
Note: If the Local CA option is not available in the list, it indicates that there is already a local certificate authority on this system, and these steps have already been performed. |
5. Create a password for the Local CA store and click Create. | Info |
|---|
Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts. |
ResultThe *SYSTEM certificate store is created on the node. |
| Expand |
|---|
| title | Creating a Certificate Authority (CA) Certificate |
|---|
|
ProcedureIn a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i. Log in with an IBM i profile with sufficient authority. In the left-hand menu, select Local CA  If Local CA is not in the left-hand menu, open it by doing the following: Select Open Certificate Store. Enter the password for the local certificate authority, and click open. The Local CA will now automatically be selected in the left-hand menu.
Under Certificate Authority (CA) Certificates, create one if one does not exist by selecting Create. Fill in the required fields. At a minimum: Common name: Provide a unique common name for this. For example: MyCompany MySystem CA Organization Name: Provide the name of your company State or Province: Provide the state or province of the system Country or Region: Provide the two character country code
 Image Removed Image Added
Click Create.
ResultThe CA Certificate is created on the node. |
...
| Expand |
|---|
| title | Assigning the Certificate to the PowerHA Webserver |
|---|
|
ProcedureIn a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i. Log in with an IBM i profile with sufficient authority. In the left-hand menu, select the *SYSTEM certificate store.  If the *SYSTEM certificate store is not in the left-hand menu, open the certificate store: Select Open Certificate Store in the left-hand menu. Select *SYSTEM on the right-hand side of the screen.  Enter the password for the *SYSTEM certificate store. Click Open.
Select Manage Application Definitions.  Search for QIBM_QHASM_WEB.  Click on the + symbol at the lower-right of the QIBM_QHASM_WEB box. Click on Assign Certificates. Check the box for the certificate you wish to assign, and click Assign.  Image Removed Image Added
ResultThe certificate is now assigned to the PowerHA web interface |
...
CHGHAWEB HTTPS(*SAME 12345)
| Info |
|---|
Note: The PowerHA HTTP server instance must be restarted after changing the port number. |
...