IBM Support

Updating the Secure Sockets Layer (SSL) keystore

Question & Answer


Question

How do I make required updates to the keystore?

Answer

Following installation of this release, home-directory/.keystore_clearcase files must be deleted and recreated on machines that run

  • The ClearCase Remote Client (this client encompasses the CCRC GUI and CLI (rcleartool) interfaces).
  • The Change Management Application Program Interface (CMAPI)

This task is unnecessary for the Change Management Integration (CMI) and the Base ClearCase / ClearQuest V2 integration, regardless of whether the remote client (CCRC) or local client (CCLC) is running.

The keystore file is a JKS format keystore that should contain only trusted certificate authorities or trusted self-signed certificates that specify hostnames that match the server hostnames. Use the keytool command (rationalsdlc/common/java-dir/jre/bin/keytool) to update the keystore as follows:

  1. List the contents of the keystore:
    keytool -storetype JKS -keystore .keystore_clearcase -list -storepass rational

  2. Import a new key (you will be asked to mark it as trusted):
    keytool -storetype JKS -keystore .keystore_clearcase -storepass rational -importcert -alias
    your-alias-name -file pathname-to-CA-root-certificate

NOTE
: The ClearCase administrator can create a single keystore file and distribute it as needed.

[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0.0.18;8.0.1.11;9.0.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
24 October 2018

UID

swg21983615