This article gives an overview of how to set up multiple IBM® Rational Team Concert™ instances using IBM® WebSphere® Application Server Network Deployment ("WebSphere" or "the application server" hereafter), along with detailed steps to install an SSL certificate on each of the profiles created on WebSphere to provide secure access for the Rational Team Concert application. The systematic instructions in this article help you generate a CSR (Certificate Signing Request) to request the SSL certificate and then to install and configure it using either Version 6.1 or 7.0 of the application server.
Prepare for multiple Rational Team Concert deployments
Normally, Rational Team Concert requires the base edition of WebSphere Application Server. But to install multiple Rational Team Concert instances on a single server, you must use WebSphere Application Server Network Deployment. The steps that follow explain how to create multiple WebSphere profiles.
See Resources for a link to hardware, software, and operating system requirements for Rational Team Concert collaborative management software.
- Install WebSphere Application Server Network Deployment v6.1 or 7.0 with the required fix pack, according to the Rational Team Concert requirement.
- Using the Profile Management Tool, create an application server profile.
- Move to the ProfileManagement directory:
- Run the following command:
- Follow the GUI screen and create the Application Server profile.
- Make notes of port numbers assigned while creating multiple profiles. For instance, in the capture shown in Figure 1, port number 9043, administrative console secure port, is used for WebSphere Application Server administration, and port number 9443, HTTPS transport port, is used for Jazz/admin access.
- Ensure that other services running on the server are not conflicting with the ports used here while creating multiple profiles.
Figure 1. Port Values Assignment view
Configure Rational Team Concert on multiple WebSphere profiles
Install the Rational Team Concert web archive files on all the profiles created on WebSphere Application Server:
While using Rational Team Concert 3.0, these are the context names:
- /jts for the jts.war file
- /ccm for ccm.war
- /clmhelp for clmhelp.war
The following steps are only for Rational Team Concert installation on multiple profiles. Detailed configuration steps are available in the documentation (see Resources for a link).
Set up Rational Team Concert 3.0
- Install and configure the ccm.war, jts.war, and clmhelp.war files on the profile.
Figure 2. Enterprise application
- Make sure the JAZZ_HOME and log4j.configuration are set with the desired paths in custom properties.
Figure 3. Custom properties
The value for JAZZ_HOME and log4j.configuration should be from the same WebSphere profile. Here RTC3_HMEL is the profile name. The subsequent WebSphere profile will have different profile name.
Install the SSL certificate for the WebSphere profiles
Before proceeding for SSL certificate installation, you first need to generate a CSR (Certificate Signing Request) to receive the SSL certificate from the vendor.
Request the SSL certificate
- Run the ikeyman.sh script on WebSphere Application Server. It is located in this path on both WebSphere 6.1 and 7.0: /opt/IBM/WebSphere/AppServer/bin
Figure 4. IBM key management
- Click the new key database file option, and select the key database type as JKS.
- Enter the file name and location (
key.jks), and click OK.
- At the password prompt, enter the password and click OK.
This password is essential to install the SSL certificate after receiving the certificate from the vendor.
- In the "Key database content" section, select Personal Certificate Requests and click New to display the certificate request window (Figure 5).
Figure 5. WebSphere 6.1, Certificate request, dialog window
Figure 6. WebSphere 7.0, Create New Key and Certificate Request dialog window
- Name the Key Label, select 2048 as the Key Size, and choose the signature algorithm from the drop-down menu.
- Ensure that the SSL vendor supports the key size and signature algorithm selected.
- Enter the common name, such as the server hostname
- Complete all of the optional selections.
- Browse to enter the name of the file where you want to store the certificate request, with the full path, and click OK.
- In response to the message shown in Figure 9, click OK.
- Send the certreq.arm file to the SSL vendor to get the SSL certificate.
Figure 7. "…request has been successfully created" confirmation
Install the certificate
- After receiving the SSL certificate, install the certificate on all of the WebSphere profiles, one by one:
- Expand Security.
- Click SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
Figures 8 and Figure 9 display the default certificate from WebSphere 6.1 and WebSphere 7.0, respectively.
Figure 8. WebSphere 6.1 SSL Certificate and Key Management view
Figure 9. WebSphere 7.0 SSL Certificate and Key Management view
- Click Import.
- Enter the Key file name (see Figures 10, 11, and 12), select the Type, and Key file password, and click Get key File Aliases.
Key file name is Location + file name, Type is JKS. Password is the password that you entered while creating the Key database file.
Figure 10. WebSphere 6.1 Import certificate from a key file
Figure 11. WebSphere 7.0 Import certificate from a key file or key store
Figure 12. Key file details
After clicking the Get Key file aliases button, the key label "sitecert" will be in the drop-down menu of the "Certificate alias to import" field (Figure 13).
- Select sitecert, and for "Imported certificate alias," enter a name:
- Click OK, and save the configuration.
Figure 13. Certificate alias to import
Update and test your configuration
After successfully importing the new SSL certificate, both the default and the new SSL certificate will be available in personal certificates.
Figure 14. SSL certificates view, updated
- Delete the default certificate, and save the configuration.
- Restart the respective WebSphere profiles, and try accessing the Rational Team Concert web link and Rational Team Concert Eclipse client. The newly installed vendor SSL certificate will be protecting the Rational Team Concert application access.
- Repeat the steps to install the same SSL certificate on all of the profiles to have secure access for the Rational Team Concert application installed on it.
This article explained how to configure multiple instances of Rational Team Concert by using WebSphere Application Server Network Deployment profiles. It covered how to generate the CSR and then request an SSL certificate from the SSL vendor, as well as how to install and configure the certificate on all of the profiles created on WebSphere v6.1 and 7.0 for secure Rational Team Concert access.
- Check the supported operating systems, hardware, and software in Rational Team Concert system requirements.
- Get the product documentation you need to get started from the Rational Team Concert Version 3.0 Information Center.
- Find Rational Team Concert articles and links to many other resources on the IBM developerWorks page. You can also watch the Using Rational Team Concert in a globally distributed team webcast or a demonstration of the Dashboards and reports, or listen to the podcast about IBM Rational Team Concert and Jazz.
- Visit the Rational software area on developerWorks for technical resources and best practices
for Rational Software Delivery Platform products.
- Stay current with developerWorks technical events and webcasts focused on a variety of IBM products and IT industry topics.
- Attend a free developerWorks Live! briefing to get up-to-speed quickly on IBM products and tools, as well as IT industry trends.
- Watch developerWorks on-demand demos, ranging from product installation and setup demos for beginners to advanced functionality for experienced developers.
- Improve your skills. Check the Rational training and certification catalog, which includes many types of courses on a wide range of topics. You can take some of them anywhere, any time, and many of the "Getting Started" ones are free.
Get products and technologies
- Rational Team Concert trial downloads (free):
- Evaluate IBM software in the way that suits you best: Download it for a trial, try it online, use it in a cloud environment, or spend a few hours in the SOA Sandbox learning how to implement service-oriented architecture efficiently.
- Join the Rational Team Concert discussions or ask questions in the Jazz.net forums.
- Share your knowledge and help others who use Rational software by writing a developerWorks article. You'll get worldwide exposure, RSS syndication, a byline and a bio, and the benefit of professional editing and production on the developerWorks Rational website. Find out what makes a good developerWorks article and how to proceed.
- Follow Rational software on Facebook and Twitter (@ibmrational), and add your comments and requests.
- Ask and answer questions and increase your expertise when you get involved in the Rational forums, cafés, and wikis.
- Connect with others who share your interests by joining the developerWorks community and responding to the developer-driven blogs.