Secure communications between the WebSphere® Application Server used by CLM
and the JIRA server before you add CLM OpenSocial gadgets to the JIRA
dashboard.
About this task
You must secure the WebSphere Application
Server before you use any CLM OpenSocial gadgets that you plan to
add to the JIRA dashboard. For more information about WebSphere Application Server communications,
see
Securing communications.
Procedure
For a single CLM application server topology, extract
the signer part of a personal certificate from the keystore and store
it to a file. The file can then be used to add the signer to the JIRA
keystore. Skip to the next section, for a distributed CLM application
server topology.
- From the admin console, click . The SSL certificate and key management page
opens.
- Under Related Items, click Key stores and certificates.

- On the Key stores and certificates page, select the name NodeDefaultKeyStore. The General Properties page opens
for the NodeDefaultKeyStore.
- Under Additional Properties, click Personal
certificates.

- On the Personal certificates page,
select the check box next to default.
- Click Extract.
- On the Extract certificate page, type
a unique name with the extension .pem to identify
the keystore.
For example, clm_keystores.pem

- Click OK. The signer
portion of the personal certificate is stored in the file that is
provided.
- Verify the file content. Change to the WASInstallDir\AppServer\profiles\profilename\etc directory.
Open the file.

Skip to the next
section about importing the certificate.
For a distributed CLM application server topology, extract
the certificate from the keystore and store it to a file. The file
can then be used to add the signer to the JIRA keystore.
- From the admin console, click . The Web servers page
opens.
- Under Name, click the IBM® HTTP server that you want to work with.
- Under Additional Properties, click Configuration
file.
- On the Configuration file page, find
and note the Keyfile attribute.
For
example, /opt/IBM/HTTPServer/ihsserverkey.kdb
- Log in to your IBM HTTP
Server.
- Find the keystore file ihsserverkey.kdb in
the /opt/IBM/HTTPServer directory.
- Extract the keystore with the gskcapicmd.
For more information about this command, see IBM Global
Security Kit.
- Change to the location of the keystore /opt/IBM/HTTPServer
- Type this command:
bin/gskcapimd –cert –extract –db ihsserverkey.kdb –pw ec11ipse –label "ihsserver"d –format binary –target ihs.crt
A certificate file is created, which you import into the
keystore file on the JIRA server.
Import the certificate file into the JIRA keystore.
- Copy the keystore file that you created from WebSphere Application Server to a temporary
location on your JIRA server.
- Back up the cacerts file, which contains
the keystore for JIRA. Change the directory to JIRAInstallDir\jre\security to
locate the cacerts file.
- Open a command window and change to the JIRAInstallDir\jre\bin directory.
- Type this command:
keytool –import –file TempFileLocation\NameofCertificateFile –alias clm_keys –keystore JIRAInstallDir\jre\lib\security\cacerts
- When prompted for a password, type changeit
- When prompted for Trust this certificate,
type Yes. A message displays
indicating that the certificate was added to the keystore.
- Restart the JIRA server.
Configure OAuth to complete the authentication between
JIRA and the Change and Configuration Management server. You register
the JIRA server as a consumer by using the JIRA consumer key and public
key for the JIRA server.
- Log in to your JIRA server with administrative privileges.
- Open the OAuth Administration page. For example, http://YourJIRAhostname/plugins/servlet/oauth/view-consumer-info
- Find the consumer key and the public key for the JIRA server.
- Point your browser to one of the following URLs by using
the default context root value:
- https://fully qualified hostname:port/jts/admin
Log in to the Rational® Requirements
Composer server by using an account that has administrator privileges.
- https://fully qualified hostname:port/ccm/admin
Log in to the Rational Team Concert™ server by using an account that has administrator
privileges.
- https://fully qualified hostname:port/qm/admin
Log in to the Rational Quality
Management server by using an account that has administrator privileges.
- On the Server Administration page:
- For jts/admin, click the Server tab.
- For ccm/admin, click the Application tab.
- For qm/admin, click the Application tab.
- Click Consumers(Inbound).
- For the Consumer Key, click Click
here to pick up the consumer key instead. Copy the Consumer
Key from the OAuth Administration page
and paste it into the Consumer Key field on
the Consumers(Inbound) page.
- In the Consumer Name field, enter
a name that you want to use to identify the consumer.
- For the Consumer Public Key, click Click
here to use a shared secret instead. Copy the Consumer
Public Key from the OAuth Administration page
and paste it into the Consumer Public Key field
on the Consumers(Inbound) page.

- Click Register. The
consumer key is registered and the authorized key is added to the
list of OAuth consumers.
Results
Communications is secured between the WebSphere Application Server used by CLM
and the JIRA server. When you add the CLM OpenSocial gadgets to the
JIRA dashboard, data can display in the gadget.
What to do next
Add CLM OpenSocial gadgets to the JIRA dashboard, see
Adding to the JIRA dashboard.