The Web browser client and the Apache Web server subcomponent of the Management
Console communicate over an HTTP connection.
This section describes how to configure Apache for SSL to create a secure
HTTPS connection. To do this, you must download some additional software,
configure Apache for SSL, and create self-signed certificates.
These instructions assume that the Apache Web server subcomponent is installed
on the Management Console host.
Stop the Build Forge Engine
If the Build Forge
engine is running on the Management Console host, stop it by using one of
the following options:
Download and Install OpenSSL
- OpenSSL
- Locate the tar file that contains the latest OpenSSL source code on a
download site. For example: http://www.openssl.org.
- Download the tar file to the Management Console host machine and unpack
the file. (Do not extract file contents to the Build Forge directory.)
- To compile and install OpenSSL, follow the instructions on the download
site.
- Java JDK
- If you installed and configured Apache Tomcat for reporting, you already
installed a version of the IBM or Sun Java JDK that contains the keytool utility.
- Verify that $JAVA_HOME points to the Java JDK installation on the Management
Console host so that the keytool is available to the OpenSSL application.
Configure Apache for SSL
- Backup the Build Forge Apache binaries in <bf-install>/Apache/bin.
Rename the bin directory to bin_old.
- Backup the Build Forge Apache configuration directory: <bf-install>/Apache/conf.
Rename the conf directory to conf_old.
- Recompile the Build Forge Apache binaries with the OpenSSL compile option:
-- with_ssl=<path_to_openssl_binaries>
- The OpenSSL binaries are in the openssl directory.
- For instructions on compiling Apache binaries, see the Install Apache topic
in the Build Forge Installation Guide.
- For documentation on OpenSSL compile options, see the Apache Web site
(http://apache.org).
- Verify that the openssl.cnf file is in the new conf directory. If necessary,
copy openssl.cnf to the new conf directory from conf_old.
- In the openssl directory, locate the mod_ssl.so module included in the
download.
- Copy the OpenSSL mod_ssl.so module to the Build Forge <bf-install>/Apache/modules
directory.
- In the Build Forge Apache configuration directory (<bf-install>/Apache/conf),
locate the Apache configuration file (httpd.conf).
- In the httpd.conf file, uncomment the following line by deleting the comment
symbol (#):
#LoadModule ssl_module modules/mod_ssl.so
- In the Build Forge <bf-install>/Apache/conf, create a directory
called ssl for storing the keys and self-signed certificates.
- In the Build Forge <bf-install>/Apache/conf, rename ssl.conf.example
to ssl.conf. (The ssl.conf file is the Apache SSL configuration file.)
Create Self-Signed Certificates
- At a command prompt, change to the directory where you installed OpenSSL
(<openssl_installdir>/openssl).
- Move the openssl.cnf file from the <bf-install>/Apache/conf
directory to the openssl_installdir>/openssl directory.
Note: The openssl.cnf
file must be available to the openssl program to create keys.
- Execute the following commands to create buildforge.csr, buildforge.cert,
and buildforge.key files.
#openssl req -config openssl.cnf -new -out buildforge.csr
#openssl rsa -in privkey.pem -out buildforge.key
#openssl x509 -in buildforge.csr -out buildforge.cert -req -signkey buildforge.key -days 365
#openssl x509 -in buildforge.cert -out buildforge.der.crt -outform DER
- Copy the key files from the OpenSSL <openssl_installdir>/openssl
directory to the Build Forge <bf-install>/Apache/conf/ssl directory.
- Open the ssl.conf file and verify that the path and file names for the
buildforge.cert and buildforge.key files are correct.
Test the Apache SSL Configuration
Start
the Build Forge engine in the foreground using one of the following methods.
Look for any Apache start up errors.
Test the Apache HTTPS Connection
to the Web Browser
Launch the Management Console and change the
URL:
In the address bar of the Web browser, change the URL http to https:
https://<hostname>