BuildForge Help

Configure SSL Support for the Management Console on UNIX/Linux

The Web browser client and the Apache Web server subcomponent of the Management Console communicate over an HTTP connection.

This section describes how to configure Apache for SSL to create a secure HTTPS connection. To do this, you must download some additional software, configure Apache for SSL, and create self-signed certificates.

These instructions assume that the Apache Web server subcomponent is installed on the Management Console host.

Stop the Build Forge Engine

If the Build Forge engine is running on the Management Console host, stop it by using one of the following options:

Download and Install OpenSSL

OpenSSL
Locate the tar file that contains the latest OpenSSL source code on a download site. For example: http://www.openssl.org.
Download the tar file to the Management Console host machine and unpack the file. (Do not extract file contents to the Build Forge directory.)
To compile and install OpenSSL, follow the instructions on the download site.
Java JDK
If you installed and configured Apache Tomcat for reporting, you already installed a version of the IBM or Sun Java JDK that contains the keytool utility.
Verify that $JAVA_HOME points to the Java JDK installation on the Management Console host so that the keytool is available to the OpenSSL application.

Configure Apache for SSL

  1. Backup the Build Forge Apache binaries in <bf-install>/Apache/bin. Rename the bin directory to bin_old.
  2. Backup the Build Forge Apache configuration directory: <bf-install>/Apache/conf. Rename the conf directory to conf_old.
  3. Recompile the Build Forge Apache binaries with the OpenSSL compile option:
    -- with_ssl=<path_to_openssl_binaries>
    • The OpenSSL binaries are in the openssl directory.
    • For instructions on compiling Apache binaries, see the Install Apache topic in the Build Forge Installation Guide.
    • For documentation on OpenSSL compile options, see the Apache Web site (http://apache.org).
  4. Verify that the openssl.cnf file is in the new conf directory. If necessary, copy openssl.cnf to the new conf directory from conf_old.
  5. In the openssl directory, locate the mod_ssl.so module included in the download.
  6. Copy the OpenSSL mod_ssl.so module to the Build Forge <bf-install>/Apache/modules directory.
  7. In the Build Forge Apache configuration directory (<bf-install>/Apache/conf), locate the Apache configuration file (httpd.conf).
  8. In the httpd.conf file, uncomment the following line by deleting the comment symbol (#):
    #LoadModule ssl_module modules/mod_ssl.so
  9. In the Build Forge <bf-install>/Apache/conf, create a directory called ssl for storing the keys and self-signed certificates.
  10. In the Build Forge <bf-install>/Apache/conf, rename ssl.conf.example to ssl.conf. (The ssl.conf file is the Apache SSL configuration file.)

Create Self-Signed Certificates

  1. At a command prompt, change to the directory where you installed OpenSSL (<openssl_installdir>/openssl).
  2. Move the openssl.cnf file from the <bf-install>/Apache/conf directory to the openssl_installdir>/openssl directory.
    Note: The openssl.cnf file must be available to the openssl program to create keys.
  3. Execute the following commands to create buildforge.csr, buildforge.cert, and buildforge.key files.
    #openssl req -config openssl.cnf -new -out buildforge.csr
    #openssl rsa -in privkey.pem -out buildforge.key
    #openssl x509 -in buildforge.csr -out buildforge.cert -req -signkey buildforge.key -days 365
    #openssl x509 -in buildforge.cert -out buildforge.der.crt -outform DER
  4. Copy the key files from the OpenSSL <openssl_installdir>/openssl directory to the Build Forge <bf-install>/Apache/conf/ssl directory.
  5. Open the ssl.conf file and verify that the path and file names for the buildforge.cert and buildforge.key files are correct.

Test the Apache SSL Configuration

Start the Build Forge engine in the foreground using one of the following methods. Look for any Apache start up errors.

Test the Apache HTTPS Connection to the Web Browser

Launch the Management Console and change the URL:

In the address bar of the Web browser, change the URL http to https:

https://<hostname>