The Web browser client and the Apache Web server subcomponent of the Management
Console communicate over an HTTP connection.
This section describes how to configure Apache for SSL to secure the HTTP
connection. To do this, you must download some additional software, configure
Apache for SSL, and create self-signed certificates.
These instructions assume that the Apache Web server subcomponent is installed
on the Management Console host.
Stop the Build Forge Engine
Select Start > Programs
> IBM Rational Build Forge Management Console > Stop Engine Service.
Download and Install Apache
with OpenSSL
- Apache-OpenSSL
- Obtain the SSL compiled version of Apache (use version 2.0.59) for Win32
platforms from a download site. For example: http://hunter.campbus.com.
- Download the zip file and extract its contents to the Management Console
host machine, then install Apache-OpenSSL. (Do not extract or install the
SSL compiled version of Apache to the Build Forge directory.)
- Java JDK
- The installer for the Management Console on Windows installs a version
of the Java JDK that contains the keytool utility.
- Verify that $JAVA_HOME points to the Java JDK installation so that the
keytool is available to the Apache-OpenSSL application.
Configure Apache for SSL
- Backup the Build Forge Apache binaries in <bf-install>\Apache\bin.
Rename the bin directory to bin_old.
- Backup the Build Forge Apache configuration directory: <bf-install>\Apache\conf.
Rename the conf directory to conf_old.
- Copy the downloaded Apache-OpenSSL bin directory (and its contents) to
the Build Forge <bf-install>\Apache directory.
- Copy the downloaded Apache-OpenSSL conf directory (and its contents) to
the Build Forge <bf-install>\Apache directory.
- Verify that the openssl.cnf file is in the new conf directory. If necessary,
copy openssl.cnf to the new conf directory from conf_old.
- Copy the following files from the Build Forge <bf-install>\Apache\bin
directory to the WINDOWS\system32 directory:
- ssleay32.dll
- libeay32.dll
- In the Apache-OpenSSL modules directory, locate the mod_ssl.so module
included in the download.
- Copy the mod_ssl.so module to the Build Forge <bf-install>\Apache\modules
directory.
- In the Build Forge Apache configuration directory (<bf-install>\Apache\conf),
locate the Apache configuration file (httpd.conf).
- In the httpd.conf file, uncomment the following line by deleting the comment
symbol (#):
#LoadModule ssl_module modules/mod_ssl.so
- In the Build Forge <bf-install>\Apache\conf, create a directory
called ssl for storing the keys and self-signed certificates.
- In the Build Forge <bf-install>\Apache\conf, rename ssl.conf.example
to ssl.conf. (The ssl.conf file is the Apache SSL configuration file.)
Create Self-Signed Certificates
- At a command prompt, change to the <Apache-OpenSSL_installdir>\bin
directory. (The openssl.exe file is the bin directory.)
- Move the openssl.cnf file from the <bf-install>\Apache\conf
directory to the <bf-install>\Apache\bin directory.
Note: The openssl.cnf
file must be available to the openssl program to create keys.
- Execute the following commands to create the buildforge.csr, buildforge.cert,
and buildforge.key files.
#openssl req -config openssl.cnf -new -out buildforge.csr
#openssl rsa -in privkey.pem -out buildforge.key
#openssl x509 -in buildforge.csr -out buildforge.cert -req -signkey buildforge.key -days 365
#openssl x509 -in buildforge.cert -out buildforge.der.crt -outform DER
- Copy the key files from the <Apache-OpenSSL_installdir>\bin
directory to the Build Forge <bf-install>\Apache\conf\ssl directory.
- Open the ssl.conf file and verify that the path and file names for the
buildforge.cert and buildforge.key files are correct.
Test the Apache SSL Configuration
Start
the Build Forge engine in the foreground and look for any Apache startup errors:
Select
Start > Programs > IBM Rational Build Forge Management Console > Start Engine
(Foreground).
Test the Apache HTTPS connection
to the Web Browser
Launch the Management Console and change the
URL:
Select Start > Programs > IBM Rational Build Forge Management
Console > Management Console.
In the address bar of the Web browser,
change the URL http to https:
https://<hostname>