Modifying the web server

After you have generated the keystore file, you must modify the Jetty web server.

Procedure

  1. Change the directory to the following:

    CHANGE_HOME/jetty/etc

  2. Back up the jetty.xml file, and then open it with a text editor of your choice.
  3. Locate the following section:
    <Call name="addListener"> 
    <Arg>
    <New class="org.mortbay.http.SocketListener">
    <Set name="Port">8600</Set>
    <Set name="MinThreads">5</Set>
    <Set name="MaxThreads">255</Set>
    <Set name="MaxIdleTimeMs">60000</Set>
    </New>
    </Arg>
    </Call>
    Note: The port number in this example might not match the port number that you selected to use during your installation.
  4. Modify the section as follows:
    <Call name="addListener">
    <Arg>
    <New class="org.mortbay.http.ibmjsse.IbmJsseListener">
    <Set name="Port">8600</Set>
    <Set name="MinThreads">5</Set>
    <Set name="MaxThreads">255</Set>
    <Set name="MaxIdleTimeMs">60000</Set>
    <Set name="LowResourcePersistTimeMs">5000</Set>
    <Set name="Keystore">/usr/local/rc.keystore</Set>
    <Set name="Password">password</Set>
    <Set name="KeyPassword">password</Set>
    </New>
    </Arg>
    </Call>
    Note: Before version 5.1, the value of the class attribute was org.mortbay.http.SunJsseListener for all operating systems except AIX®.
    The following values were used when creating your key:
    • Keystore: Location of the .keystore file.
    • Password: Password used to access the keystore.
    • KeyPassword: Password used to access the key inside of the keystore.
  5. Change the port number to your old port number, or use a new port number.
    1. Change the directory to:

      CHANGE_HOME/jetty/webapps/context/WEB-INF

    2. Create a backup of your web.xml file.
    3. Open the web.xml file with the text editor or your choice, and then locate the following section:
      <context-param>
      <param-name>protocol</param-name
      <param-value>http</param-value>
      </context-param>
      <context-param>
      <param-name>port</param-name>
      <param-value>8600</param-value>
      </context-param>
    4. Change http to https.
    5. Change the port number if necessary.
  6. If the platform is Oracle Solaris, open a text editor of your choice, and then do the following:
    Note: If running in central server mode, all Solaris servers in your cluster must have this change applied, even the servers that are not running HTTPS.
    1. Go to:

      CHANGE_HOME/jetty/bin/jetty.sh

    2. Change line 437 from:

      JAVA_OPTIONS="-Djetty.home=$JETTY_HOME -Djetty.log=$JETTY_LOG -Xms128m -Xmx512m -server $JAVA_OPTIONS"

      to:

      JAVA_OPTIONS="-Djetty.home=$JETTY_HOME -Djetty.log=$JETTY_LOG -Djava.protocol.handler.pkgs=com.ibm.net.ssl.www2.protocol -Xms128m -Xmx512m -server $JAVA_OPTIONS"

  7. Stop and restart the IBM® Rational® Change server.

What to do next

Now you are ready to configure your system to use HTTPS between servers in Central Server mode.

Feedback