Configuring IBM Rational Synergy to use HTTPS Protocol


Technical Note

November 20, 2013

This edition applies to IBM Rational Synergy version 7.1, and to all subsequent releases and modifications until otherwise indicated in new editions. Before using this information, be sure to read the general information under Appendix: Notices.

US Government Users Restricted Rights - Use, duplication, or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Table of Contents

Introduction
Create an SSL certificate
Sign the certificate (optional)
Configure the CCM Server
Configure the Clients
    Export the server certificate
    Add the certificate to the clients
Appendix: Notices
Trademarks

Introduction

This document describes how to configure Synergy to use the HTTPS protocol for secure network communication between the client and server. With HTTPS, the Secure Socket Layer (SSL) is used to encrypt the HTTP data stream between the client and web server. The technique described in this paper applies to the Synergy Admin client and Web Mode clients only.

Configuring Synergy to communicate using the HTTPS protocol involves three steps:

- Create an SSL certificate
- Configure the CCM server
- Configure Clients

Each of these steps is described in detail in the following sections.

Create an SSL certificate

To prepare the CCM server to accept HTTPS connections, the administrator must create an SSL certificate for the web server. The easiest way to create an SSL certificate is to use the keytool utility to create a self-signed certificate. The keytool utility is a Key and Certificate Management Tool that manages a keystore (database) of keys and certificates.

Here are the steps to create a self-signed certificate using the keytool utility on UNIX. You must create the certificate while logged in as the ccm_root user.

    % su ccm_root
    % cd $CCM_HOME/jre/bin
    % keytool -genkey -keyalg RSA -keysize 2048 -keystore my_server.keystore -alias jettykey -validity 720
    Enter keystore password: password
    Re-enter keystore password: password
    What is your first and last name?
      [Unknown]: <server host name>
    What is the name of your organizational unit?
      [Unknown]: <optional>
    What is the name of your organization?
      [Unknown]: <optional>
    What is the name of your City or Locality?
      [Unknown]: <optional>
    What is the name of your State or Province?
      [Unknown]: <optional>
    What is the two-letter country code for this unit?
      [Unknown]: <optional>
    Is CN=<server host name>, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
      [no]: y
    Enter key password for <jettykey>
      (RETURN if same as keystore password):

Note: In order to avoid warnings when the web browser connects to the server, the first and last name field should be the same as the hostname field in the URL (i.e. https://<hostname>:8400) that will be used to connect to the server.

The -validity argument enables you to specify the number of days the certificate will be valid. If not specified, the default value is 90, meaning the certificate would expire in 90 days. The example above uses the value 720, which is approximately 2 years. Use a setting that is appropriate for your organization.

For more information about the keytool utility provided by the IBM Java Runtime Environment 6.0, bundled with Synergy, see the following article:

http://www.ibm.com/developerworks/java/jdk/security/60/secguides/keytooldocs/keytool.html

Sign the certificate (optional)

Most web browsers will give a warning if the certificate is not signed by a trusted Certification Authority (CA) such as VeriSign. In order to avoid such warnings, the certificate needs to be signed by a trusted CA. Here are the steps to submit and receive a signed certificate:

Generate a certificate signing request (CSR)

    % keytool -certreq -keystore my_server.keystore -alias jettykey -file jetty.csr
    Enter keystore password: password
    Enter key password for <jettykey>: password

Submit the CSR to a trusted certificate authority

Send the certificate signing request (CSR) that you just generated to a certificate authority (CA) that you trust. This could be a commercial CA whose signatures most or all modern browsers will honor, or a CA that is internal to your organization and whose public key is installed into all browsers on your organization's computers. The specifics of this step are outside the scope of this article.

Import the signed certificate

After you submit the certificate signing request to the CA, and fulfill the CA's requirements for validating your identity and trustworthiness, the CA will send you a certificate file that bears the CA's signature. Import the signed certificate into the keystore that you created using the following commands:

    % keytool -importcert -trustcacerts -keystore my_server.keystore -alias trustedca -file ca-csr.txt
    Enter keystore password: password
    % keytool -import -keystore my_server.keystore -alias jettykey -file signedcsr.txt
    Enter keystore password: password

Configure the CCM Server

1. Copy the keystore file to the $CCM_HOME/jetty/etc/keystores directory.

    % cp my_server.keystore $CCM_HOME/jetty/etc/keystores

2. Change the passwords in the $CCM_HOME/jetty/etc/cm_https.xml file.

   For Synergy 7.1.0.6 and subsequent 7.1 Fix Packs and Interim Fixes, change both the "KeyStorePassword" and "KeyManagerPassword" fields if you used a password other than the default. For all other releases, change both the "Password" and "KeyPassword" fields if you used a password other than the default.

   The file cm_https.xml contains a clear text password for the jetty keystore. Ensure that it is readable by the ccm_root user, and apply proper permissions to secure it from being read or modified by users other than ccm_root.

   Note: If you want to set up multiple HTTPS servers, you can use a different keystore for each server, but all keystores must share the same key and keystore passwords.

   Rational Synergy 7.2.1 and later support the TLSv1.2 protocol. To start the CCM Server with the TLSv1.2 protocol, uncomment the following statement in cm_https.xml:

    <!-- <Set name="protocol">TLSv1.2</Set> -->

   Note: By default, the above statement is commented out and the CCM server will start with the default SSL protocol, SSLv3.

3. Modify the $CCM_HOME/etc/ccm.server.properties file to change the server protocol and assign the keystores to the server.

   a. Change the default protocol for all servers, or create a new entry for the specific server that will use the HTTPS protocol. For example:

    cm.webserver.default.protocol = https

      or

    cm.webserver.my_server.protocol = https

   b. Create a new keystore entry that references the keystore file you copied into the keystores directory in step 1 above. For example:

    cm.webserver.my_server.https.keystore = my_server.keystore

4. Test the server HTTPS settings from a web browser.

   a. Start the server.

    % ccm_server -start

   b. Open a web browser and visit the new server URL address (https://<server>:<port>). The web browser may ask you if you want to trust the certificates from the server. Answer yes and you should see the page containing the Synergy Windows client download information.

Configure the Clients

Export the server certificate

    % su ccm_root
    % cd $CCM_HOME/jre/bin
    % keytool -export -keystore $CCM_HOME/jetty/etc/keystores/my_server.keystore -alias jettykey -file my_server.cer
    Enter keystore password: password
    Certificate stored in file <my_server.cer>

Add the certificate to the clients

Copy the my_server.cer file to each client system where the user will run the Synergy Web Mode session, and import it to the local keystore.

    C:> cd %CCM_HOME%\jre\bin
    C:> keytool -import -alias usir-sol2 -file my_server.cer -keystore ..\lib\security\cacerts
    Enter keystore password: changeit
    Owner: CN=my_server, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Issuer: CN=my_server, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    Serial number: 49d2466b
    Valid from: 3/31/09 9:35 AM until: 6/29/09 9:35 AM
    Certificate fingerprints:
        MD5: F6:3F:8C:18:0B:0C:DB:22:0C:51:0B:B3:4B:41:40:27
        SHA1: CE:6C:B6:99:52:4D:66:1E:B4:48:94:4D:0A:7B:88:EE:CF:F7:68:B4
    Trust this certificate? [no]: y
    Certificate was added to keystore

Note: The default password of the JRE keystore is changeit. It can be changed using the keytool -storepasswd command.

The above steps need to be applied to every Synergy client installation that will connect to the server. Then Synergy sessions on those clients can be started using the https server URL.
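
A configuration check for the server-side steps in "Configure the CCM Server", added here as an example and not part of the IBM technical note: it flags a cm_https.xml that group or other users can access, a TLSv1.2 statement that is still commented out, and a missing protocol or keystore entry. The function names, the sample file contents written by build_sample, and the rule that a server-specific protocol entry takes precedence over the default entry are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def audit_ccm_https(ccm_home, server="my_server"):
    """Return findings for the server-side HTTPS settings under ccm_home."""
    findings = []
    xml_path = os.path.join(ccm_home, "jetty", "etc", "cm_https.xml")
    ks_dir = os.path.join(ccm_home, "jetty", "etc", "keystores")
    props_path = os.path.join(ccm_home, "etc", "ccm.server.properties")

    # cm_https.xml stores the keystore password in clear text: owner-only access.
    mode = os.stat(xml_path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"cm_https.xml mode {mode:03o}: accessible beyond the owner")

    # ElementTree skips XML comments, so a commented-out <Set> is not seen.
    sets = ET.parse(xml_path).getroot().iter("Set")
    if not any(s.get("name") == "protocol" and (s.text or "").strip() == "TLSv1.2"
               for s in sets):
        findings.append("TLSv1.2 <Set> not active: server starts with SSLv3")
    props = {}
    with open(props_path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    # Assumption: a server-specific entry takes precedence over the default.
    protocol = props.get(f"cm.webserver.{server}.protocol",
                         props.get("cm.webserver.default.protocol"))
    if protocol != "https":
        findings.append(f"protocol for {server} is {protocol!r}, not https")
    keystore = props.get(f"cm.webserver.{server}.https.keystore")
    if not keystore:
        findings.append(f"no cm.webserver.{server}.https.keystore entry")
    elif not os.path.isfile(os.path.join(ks_dir, keystore)):
        findings.append(f"{keystore} not found in jetty/etc/keystores")
    return findings


def build_sample(root, tls12_active, xml_mode):
    """Write a constructed CCM_HOME layout (sample data, not real Synergy files)."""
    os.makedirs(os.path.join(root, "jetty", "etc", "keystores"))
    os.makedirs(os.path.join(root, "etc"))
    setting = '<Set name="protocol">TLSv1.2</Set>'
    if not tls12_active:
        setting = "<!-- " + setting + " -->"
    xml_path = os.path.join(root, "jetty", "etc", "cm_https.xml")
    with open(xml_path, "w") as fh:
        fh.write("<Configure>" + setting + "</Configure>")
    os.chmod(xml_path, xml_mode)
    with open(os.path.join(root, "etc", "ccm.server.properties"), "w") as fh:
        fh.write("cm.webserver.my_server.protocol = https\n"
                 "cm.webserver.my_server.https.keystore = my_server.keystore\n")
    open(os.path.join(root, "jetty", "etc", "keystores", "my_server.keystore"), "wb").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_ccm_https(build_sample(tmp, False, 0o644)):
            print("FINDING:", finding)
```

On a real server, call audit_ccm_https with the value of $CCM_HOME and the server name used in ccm.server.properties.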

Appendix: Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send written license inquiries to:

    IBM Director of Licensing
    IBM Corporation
    North Castle Drive
    Armonk, NY 10504-1785
    U.S.A.

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send written inquiries to:

    IBM World Trade Asia Corporation
    Licensing
    2-31 Roppongi 3-chome, Minato-ku
    Tokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions. Therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

    Intellectual Property Dept. for Rational Software
    IBM Corporation
    1 Rogers Street
    Cambridge, Massachusetts 02142
    U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

Trademarks

IBM, the IBM logo, AIX, and Rational are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at www.ibm.com/legal/copytrade.html.

Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Solaris, Java, and all Java-based trademarks and logos are trademarks of Oracle Corporation in the United States, other countries, or both.

HP-UX is a trademark of Hewlett-Packard Company in the United States, other countries, or both.

Pentium is a trademark of Intel Corporation in the United States, other countries, or both.

Other company, product or service names mentioned may be trademarks or service marks of others.