You can configure your Rational® DOORS® Web Access server to use
Secure Sockets Layer (SSL). The configuration involves reconfiguring Rational DOORS Web Access to use HTTPS and enabling
the HTTPS connector in the Tomcat server that comes with the product.
Before you begin
To enable Rational DOORS Web Access to use SSL, you
need a security certificate. You can make a certificate manually for
testing purposes or you can purchase one from a trusted certificate
authority. You also need a keystore that contains the server certificate.
If
you purchase a certificate, install your certificate onto the Tomcat
server by following the instructions from your certificate vendor.
If you have issues installing the certificate, contact the certificate
vendor.
If you generate your own certificate for testing purposes,
you can create and manage a keystore by using the standard Java™ keytool facilities as documented
on the Oracle website. In addition to the Oracle documentation, you
can use many resources on the internet to create a certificate and
install it onto the Tomcat server.
Before you make any changes,
you must stop Rational DOORS Web Access. The following
procedure assumes that Rational DOORS Web Access has been stopped.
Before
you update your configuration files, back them up.
Note: At
the end of this procedure, you must restart Rational DOORS and Rational DOORS Web Access. If you are reconfiguring
a production system, be sure to schedule enough downtime.
About this task
After you have the keystore, configure the Tomcat server
that comes with Rational DOORS Web Access to use HTTPS
with the keystore. Then, reconfigure Rational DOORS Web
Access to use HTTPS, as described in the following procedure.
Procedure
- In the installation directory for your Rational DOORS Web
Access server, open the server/festival/config/festival.xml file.
- In the <f:properties> section of
the file, set the ForceHttpsForAuthenticationForOAuth property
to true.
- Update the published.url.prefix and oauth.domain values
to reflect the correct Rational DOORS Web Access HTTPS URL.
- Save and close the file.
- In the installation directory of your Rational DOORS Web
Access, open the server/festival/config/doorsRedirector.properties file.
- Update the dwa.url.prefix value to
reflect the correct Rational DOORS Web Access HTTPS URL.
- Save and close the file.
- In the installation directory of your Rational DOORS Web
Access server, open the server/conf/server.xml file.
- Go to the section that contains the commented-out HTTPS
connector. You need to change the HTTPS connector as shown in the
following example. The configuration changes to make are in bold in
the example.
<!-- Delete this line from the file
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" inSpareThreads="25"
MaxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="ABSOLUTE_PATH_TO_YOUR_KEYSTORE_FILE"
keystorePass="YOUR_KEYSTORE_PASSWORD" algorithm="IbmX509"
SSLEnabled="true"
/>
--> Delete this line from the file
By implementing the changes shown in bold in the example,
you will:
- Enable the HTTPS Connector. By default, the HTTPS Connector element
is commented out. To make the element active, delete the line that
immediately precedes it and the line that immediately follows it.
- Configure the server to use HTTPS on port 8443. The default HTTPS
port for the Tomcat server and Rational DOORS Web Access is 8443. To use
a different HTTPS port, replace 8443 with the custom port in the server.xml file
and all of the Rational DOORS Web Access configuration
files that refer to 8443 as the HTTPS port.
- Configure the HTTPS Connector to use your security certificate
by identifying the keystore location and password.
- Configure the HTTPS Connector to use the algorithm that Rational DOORS Web Access requires.
- Configure the Tomcat server to enable SSL.
Note: Be careful when you change the server.xml file
because incorrect edits can lead to a complete loss of system functionality.
Before you edit the file, make a backup of it. For more information
about configuring HTTPS and about other methods of configuration,
see the Tomcat documentation.
- Save and close the server.xml file.
- Reconfigure the Rational DOORS server to use the correct Rational DOORS Web Access HTTPS URL running dbadmin at
a command prompt, as described in the "Configuring the Rational DOORS database
server" topic.
- Restart Rational DOORS.
- Restart Rational DOORS Web Access.