Configuring Rational DOORS Web Access to use SSL

You can configure your Rational® DOORS® Web Access server to use Secure Sockets Layer (SSL). The configuration involves reconfiguring Rational DOORS Web Access to use HTTPS and enabling the HTTPS connector in the Tomcat server that comes with the product.

Before you begin

To enable Rational DOORS Web Access to use SSL, you need a security certificate. You can make a certificate manually for testing purposes or you can purchase one from a trusted certificate authority. You also need a keystore that contains the server certificate.

If you purchase a certificate, install your certificate onto the Tomcat server by following the instructions from your certificate vendor. If you have issues installing the certificate, contact the certificate vendor.

If you generate your own certificate for testing purposes, you can create and manage a keystore by using the standard Java™ keytool facilities as documented on the Oracle website. In addition to the Oracle documentation, you can use many resources on the internet to create a certificate and install it onto the Tomcat server.

Before you make any changes, you must stop Rational DOORS Web Access. The following procedure assumes that Rational DOORS Web Access has been stopped.

Before you update your configuration files, back them up.

Note: At the end of this procedure, you must restart Rational DOORS and Rational DOORS Web Access. If you are reconfiguring a production system, be sure to schedule enough downtime.

About this task

After you have the keystore, configure the Tomcat server that comes with Rational DOORS Web Access to use HTTPS with the keystore. Then, reconfigure Rational DOORS Web Access to use HTTPS, as described in the following procedure.

Procedure

  1. In the installation directory for your Rational DOORS Web Access server, open the server/festival/config/festival.xml file.
  2. In the <f:properties> section of the file, set the ForceHttpsForAuthenticationForOAuth property to true.
  3. Save and close the file.
  4. In the installation directory of your Rational DOORS Web Access, open the server/festival/config/doorsRedirector.properties file.
  5. Update the dwa.url.prefix value to reflect the correct Rational DOORS Web Access HTTPS URL.
  6. Save and close the file.
  7. In the installation directory of your Rational DOORS Web Access server, open the server/conf/server.xml file.
  8. Go to the section that contains the commented-out HTTPS connector and perform tasks that are relevant to your security needs, as documented in the Apache Tomcat Configuration Reference for the HTTP Connector. The following list presents several important tasks; see the Apache Tomcat documentation for more HTTP Connector options.
    • Enable the HTTPS Connector. By default, the HTTPS Connector element is commented out.
    • Configure the server to use HTTPS on port 8443. The default HTTPS port for the Tomcat server and Rational DOORS Web Access is 8443. To use a different HTTPS port, replace 8443 with the custom port in the server.xml file and all of the Rational DOORS Web Access configuration files that refer to 8443 as the HTTPS port.
    • Configure the HTTPS Connector to use your security certificate by identifying the keystore location and password.
    • Configure the Tomcat server to enable SSL.
    Note: Be careful when you change the server.xml file because incorrect edits can lead to a complete loss of system functionality. Before you edit the file, make a backup of it. For more information about configuring HTTPS and about other methods of configuration, see the Tomcat documentation.
  9. Save and close the server.xml file.
  10. Reconfigure the Rational DOORS server to use the correct Rational DOORS Web Access HTTPS URL running dbadmin at a command prompt, as described in the "Configuring the Rational DOORS database server" topic.
  11. Restart Rational DOORS.
  12. Restart Rational DOORS Web Access.

Feedback