After you have generated the keystore file, you must modify
the Jetty web server.
Procedure
- Change the directory to the following:
CHANGE_HOME/jetty/etc
- Back up the jetty.xml file, and then open
it with a text editor of your choice.
- Locate the following section:
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.SocketListener">
<Set name="Port">8600</Set>
<Set name="MinThreads">5</Set>
<Set name="MaxThreads">255</Set>
<Set name="MaxIdleTimeMs">60000</Set>
</New>
</Arg>
</Call>
Note: The port number in this example might
not match the port number that you selected to use during your installation.
- Modify the section as follows:
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.ibmjsse.IbmJsseListener">
<Set name="Port">8600</Set>
<Set name="MinThreads">5</Set>
<Set name="MaxThreads">255</Set>
<Set name="MaxIdleTimeMs">60000</Set>
<Set name="LowResourcePersistTimeMs">5000</Set>
<Set name="Keystore">/usr/local/rc.keystore</Set>
<Set name="Password">password</Set>
<Set name="KeyPassword">password</Set>
</New>
</Arg>
</Call>
Note: Before version 5.1, the value of the class
attribute was org.mortbay.http.SunJsseListener for
all operating systems except AIX®.
The
following values were used when creating your key:
- Keystore: Location of the .keystore file.
- Password: Password used to access the keystore.
- KeyPassword: Password used to access the key inside of the keystore.
- Change the port number to your old port number, or use
a new port number.
- Change the directory to:
CHANGE_HOME/jetty/webapps/context/WEB-INF
- Create a backup of your web.xml file.
- Open the web.xml file with the text
editor or your choice, and then locate the following section:
<context-param>
<param-name>protocol</param-name
<param-value>http</param-value>
</context-param>
<context-param>
<param-name>port</param-name>
<param-value>8600</param-value>
</context-param>
- Change http to https.
- Change the port number if necessary.
- If the platform is Oracle Solaris, open a text editor of
your choice, and then do the following:
Note: If running
in central server mode, all Solaris servers in your cluster must have
this change applied, even the servers that are not running HTTPS.
- Go to:
CHANGE_HOME/jetty/bin/jetty.sh
- Change line 437 from:
JAVA_OPTIONS="-Djetty.home=$JETTY_HOME
-Djetty.log=$JETTY_LOG -Xms128m -Xmx512m -server $JAVA_OPTIONS"
to:
JAVA_OPTIONS="-Djetty.home=$JETTY_HOME
-Djetty.log=$JETTY_LOG -Djava.protocol.handler.pkgs=com.ibm.net.ssl.www2.protocol
-Xms128m -Xmx512m -server $JAVA_OPTIONS"
- Stop and restart the IBM® Rational® Change server.