BuildForge Help

Configure SSL Support for the Management Console on Windows

The Web browser client and the Apache Web server subcomponent of the Management Console communicate over an HTTP connection.

This section describes how to configure Apache for SSL to secure the HTTP connection. To do this, you must download some additional software, configure Apache for SSL, and create self-signed certificates.

These instructions assume that the Apache Web server subcomponent is installed on the Management Console host.

Stop the Build Forge Engine

Select Start > Programs > IBM Rational Build Forge Management Console > Stop Engine Service.

Download and Install Apache with OpenSSL

Apache-OpenSSL
Obtain the SSL compiled version of Apache (use version 2.0.59) for Win32 platforms from a download site. For example: http://hunter.campbus.com.
Download the zip file and extract its contents to the Management Console host machine, then install Apache-OpenSSL. (Do not extract or install the SSL compiled version of Apache to the Build Forge directory.)
Java JDK
The installer for the Management Console on Windows installs a version of the Java JDK that contains the keytool utility.
Verify that $JAVA_HOME points to the Java JDK installation so that the keytool is available to the Apache-OpenSSL application.

Configure Apache for SSL

  1. Backup the Build Forge Apache binaries in <bf-install>\Apache\bin. Rename the bin directory to bin_old.
  2. Backup the Build Forge Apache configuration directory: <bf-install>\Apache\conf. Rename the conf directory to conf_old.
  3. Copy the downloaded Apache-OpenSSL bin directory (and its contents) to the Build Forge <bf-install>\Apache directory.
  4. Copy the downloaded Apache-OpenSSL conf directory (and its contents) to the Build Forge <bf-install>\Apache directory.
  5. Verify that the openssl.cnf file is in the new conf directory. If necessary, copy openssl.cnf to the new conf directory from conf_old.
  6. Copy the following files from the Build Forge <bf-install>\Apache\bin directory to the WINDOWS\system32 directory:
    • ssleay32.dll
    • libeay32.dll
  7. In the Apache-OpenSSL modules directory, locate the mod_ssl.so module included in the download.
  8. Copy the mod_ssl.so module to the Build Forge <bf-install>\Apache\modules directory.
  9. In the Build Forge Apache configuration directory (<bf-install>\Apache\conf), locate the Apache configuration file (httpd.conf).
  10. In the httpd.conf file, uncomment the following line by deleting the comment symbol (#):
    #LoadModule ssl_module modules/mod_ssl.so
  11. In the Build Forge <bf-install>\Apache\conf, create a directory called ssl for storing the keys and self-signed certificates.
  12. In the Build Forge <bf-install>\Apache\conf, rename ssl.conf.example to ssl.conf. (The ssl.conf file is the Apache SSL configuration file.)

Create Self-Signed Certificates

  1. At a command prompt, change to the <Apache-OpenSSL_installdir>\bin directory. (The openssl.exe file is the bin directory.)
  2. Move the openssl.cnf file from the <bf-install>\Apache\conf directory to the <bf-install>\Apache\bin directory.
    Note: The openssl.cnf file must be available to the openssl program to create keys.
  3. Execute the following commands to create the buildforge.csr, buildforge.cert, and buildforge.key files.
    #openssl req -config openssl.cnf -new -out buildforge.csr
    #openssl rsa -in privkey.pem -out buildforge.key
    #openssl x509 -in buildforge.csr -out buildforge.cert -req -signkey buildforge.key -days 365
    #openssl x509 -in buildforge.cert -out buildforge.der.crt -outform DER
  4. Copy the key files from the <Apache-OpenSSL_installdir>\bin directory to the Build Forge <bf-install>\Apache\conf\ssl directory.
  5. Open the ssl.conf file and verify that the path and file names for the buildforge.cert and buildforge.key files are correct.

Test the Apache SSL Configuration

Start the Build Forge engine in the foreground and look for any Apache startup errors:

Select Start > Programs > IBM Rational Build Forge Management Console > Start Engine (Foreground).

Test the Apache HTTPS connection to the Web Browser

Launch the Management Console and change the URL:

Select Start > Programs > IBM Rational Build Forge Management Console > Management Console.

In the address bar of the Web browser, change the URL http to https:
https://<hostname>