Securing Apache Tomcat

Secure server to server communications before you add any CLM OpenSocial gadgets to the JIRA dashboard.

About this task

You must secure communications between the Apache Tomcat server that is used by CLM and the JIRA server. Then, you can use any CLM OpenSocial gadgets that you plan to add to the JIRA dashboard.
Important: If the Apache Tomcat server is configured to run by using https, begin at step 9. This step provides information to configure OAuth to complete the authentication between JIRA and the Change and Configuration Management server.

Procedure

Export the ibm-team-ssl.keystore file from the Apache Tomcat server that is used by CLM. The file can then be used to replace the JIRA keystore.

  1. Go to the directory where the ibm-team-ssl.keystore file is located.
    JazzInstallDir/server/tomcat/
  2. Export the ibm-team-ssl.keystore file to a file. Type this command.
    keytool -export -v -keystore keystorefile -storepass ibm-team -alias ibm-team -file exportfile

    Replace keystorefile with the path and file name for the ibm-team-ssl.keystore file. Replace exportfile with the output file name.

    For example,
    keytool -export -v -keystore "C:\clm\server\tomcat\ibm-team-ssl.keystore" -storepass ibm-team -alias ibm-team -file c:\temp\ibm-team-clm.crt

Import the keystore file into the JIRA keystore.

  1. Back up the cacerts file, which contains the keystore for JIRA. Change the directory to JIRAInstallDir\jre\lib\security to locate the cacerts file.
  2. Change the directory to JIRAInstallDir\jre\bin.
  3. Type this command:
    keytool -import -file importfile -alias JazzTeamServer  -keystore keystore

    Replace importfile with the path and file name for the file that is exported in 2. Replace keystore with the path and file name for the cacerts file.

    For example,
    keytool -import -file c:\temp\ibm-team-clm.crt -alias jlip-dev1.rtp.raleigh.ibm.com  -keystore "c:\temp\ibm-team-clm.crt"
  4. When prompted for a password, type changeit.
  5. When prompted for Trust this certificate, type Yes. A message displays indicating that the certificate was added to the keystore.
  6. Restart the JIRA server.

Configure OAuth to complete the authentication between JIRA and the Change and Configuration Management server. You register the JIRA server as a consumer by using the JIRA consumer key and public key for the JIRA server.

  1. Log in to your JIRA server with administrative privileges.
  2. Open the OAuth Administration page for the JIRA server. For example, http://YourJIRAhostname:port/plugins/servlet/oauth/view-consumer-info

    The OAuth Adminstration page opens.

  3. Find the consumer key and the public key for the JIRA server.

    JIRA server consumer key and public key

  4. Point your browser to one of the following URLs by using the default context root value:
    1. https://fully qualified hostname:port/jts/admin

      Log in to the Rational® Requirements Composer server by using an account that has administrator privileges.

    2. https://fully qualified hostname:port/ccm/admin

      Log in to the Rational Team Concert™ server by using an account that has administrator privileges.

    3. https://fully qualified hostname:port/qm/admin

      Log in to the Rational Quality Management server by using an account that has administrator privileges.

  5. On the Server Administration page:
    • For jts/admin, click the Server tab.
    • For ccm/admin, click the Application tab.
    • For qm/admin, click the Application tab.
  6. Click Consumers(Inbound).
  7. For the Consumer Key, click Click here to pick up the consumer key instead. Copy the Consumer Key from the OAuth Administration page and paste it into the Consumer Key field on the Consumers(Inbound) page.
  8. In the Consumer Name field, enter a name that you want to use to identify the consumer.
  9. For the Consumer Public Key, click Click here to use a shared secret instead. Copy the Consumer Public Key from the OAuth Administration page and paste it into the Consumer Public Key field on the Consumers(Inbound) page.
  10. Click Register.

Results

Server to server communications is secured. You can use CLM OpenSocial gadgets when you add them to the JIRA dashboard.

What to do next

Add CLM open social gadgets to the JIRA dashboard, see Adding to the JIRA dashboard.

Feedback