After you have modified your web server, configure your system to use HTTPS between servers in Central Server mode. Central-to-remote communication is done through HTTP or HTTPS. If one server is running HTTPS, you must configure the Java installation that services the other server so that the installation can trust the certificate.
Procedure
- Export the certificate from the keystore file that you generated.
keytool -export -keystore keystore_file -alias machinename -file temporary_file
For example, keytool -export -keystore "/usr/local/rc53/rc.keystore" -alias hawk -file d:\temp\change8600.cer
Enter keystore password: (Type your keystore password)
Certificate stored in file <d:\temp\change8600.cer>
- Access the .cer file that you created, and then copy it to the machine where your other Rational® Change server is running.
- Change the directory to CHANGE_HOME/jre/bin.
- Import the certificate into the Java trusted certificate keystore. For example:
keytool -import -alias machinename -file the_.cer_file -keystore a_keystore_file
Use the .cer file that you copied from your other installation. Use the Java trusted certificate file for the keystore, $CCM_HOME/jre/lib/security/cacerts. The keystore default password is changeit.
keytool -import -alias hawk -file d:\temp\change8600.cer -keystore $CCM_HOME\jre\lib\security\cacerts
Enter keystore password: changeit
Owner: CN=192.168.10.10, OU=Development, O=Rational, L=Irvine, ST=Ca, C=US
Issuer: CN=192.168.10.10, OU=Development, O=Rational, L=Irvine, ST=Ca, C=US
Serial number: 47e7e301
Valid from: Mon Mar 24 10:21:05 PDT 2011 until: Sun Jun 22 10:21:05 PDT 2012
Certificate fingerprints:
MD5: 5E:B9:05:C0:6E:4D:3F:10:AE:C2:CC:D3:68:29:BC:80
SHA1: F9:2E:FD:94:F9:6C:E6:B3:82:83:35:52:E4:3B:0B:CB:70:35:19:1A
Trust this certificate? [no]: y
Certificate was added to keystore
- Ensure that the first and last name (the certificate's CN value) that was specified when the keystore was created matches the host name that is used in the configuration of the two Rational Change servers.
Doing so helps avoid warning messages in the event.log file. For example, if a remote server is registered to a central server using the short host name hawk, but the keystore was created with the IP address, the log is populated with the following warnings:
WARN: HTTPS URL host 'hawk' does not match '190.123.10.10'
Although the log contains warning messages, the messages do not impact how the system functions.
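The following shell sketch is an added example, not part of the product documentation. It checks the copied .cer file before you answer "Trust this certificate?": the SHA1 fingerprint must equal the value read on the exporting server, and the CN is compared with the host name the server is registered under. The function names and the SAMPLE variable are hypothetical; the sample text reuses the certificate details shown in the output above.

```shell
#!/bin/sh
# Added example: pre-import checks on `keytool -printcert -file <cer>` output.
# Function names and SAMPLE are hypothetical, not part of Rational Change.

# Constructed input: certificate details as shown in this page's sample output.
SAMPLE='Owner: CN=192.168.10.10, OU=Development, O=Rational, L=Irvine, ST=Ca, C=US
Issuer: CN=192.168.10.10, OU=Development, O=Rational, L=Irvine, ST=Ca, C=US
Certificate fingerprints:
         MD5:  5E:B9:05:C0:6E:4D:3F:10:AE:C2:CC:D3:68:29:BC:80
         SHA1: F9:2E:FD:94:F9:6C:E6:B3:82:83:35:52:E4:3B:0B:CB:70:35:19:1A'

# Strip separators and fold case so fingerprints compare reliably.
norm_fp() { tr -d ': \t\n' | tr 'a-f' 'A-F'; }

# CN of the certificate owner, read from keytool output on stdin.
cert_cn() { sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1; }

# SHA1 fingerprint from keytool output on stdin, normalized.
cert_fp() { sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | head -n 1 | norm_fp; }

# check_cert REGISTERED_HOST REFERENCE_SHA1 < keytool-output
# Returns 0 = fingerprint and CN both match,
#         1 = CN differs from the registered host (expect the WARN in event.log),
#         2 = fingerprint missing or different (do not import).
check_cert() {
    out=$(cat)
    got_fp=$(printf '%s\n' "$out" | cert_fp)
    want_fp=$(printf '%s' "$2" | norm_fp)
    if [ -z "$got_fp" ] || [ "$got_fp" != "$want_fp" ]; then
        echo "fingerprint mismatch: got '$got_fp'" >&2
        return 2
    fi
    cn=$(printf '%s\n' "$out" | cert_cn)
    if [ "$cn" != "$1" ]; then
        echo "CN '$cn' does not match registered host '$1'" >&2
        return 1
    fi
    return 0
}

# Typical use on the importing server, with REFERENCE_SHA1 read on the
# exporting server and passed over a separate channel:
#   keytool -printcert -file change8600.cer | check_cert hawk "$REFERENCE_SHA1"
```

A return value of 2 means the file that arrived is not the certificate that was exported, so stop before importing it into cacerts.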
What to do next
Optionally, obfuscate your passwords.