While were at it, has anyone successfully setup DOORS Web Access to use SSL?
The instructions are somewhat cryptic, starting with "Setup Tomcat to use SSL. See their instructions"
Then, it talks about a few settings in the server.xml and festival.xml
I have found a number of "setup instructions" for Tomcat, and have also looked at some white papers on
configuring DOORS with Rational Team Concert (this is actually the goal), and they all conflict with each other.
Here's the link to the paper:
What I find interesting is that all screen shots show DWa using http, yet the release notes for DWA 22.214.171.124 say this:
URL Formats and the Rational DOORS for Rational Quality Manager Interface
The Rational DOORS URL format can be changed to have the prefix "http" or "https" (rather than "doors"). Setting this URL format is required in order to use the Redirector Service, an optional service that allows users to choose whether to open Rational DOORS URLs in a standard Rational DOORS client or in a web client, and it is also required in order to use OSLC web services to integrate Rational DOORS with Rational Team Concert. However, it should be noted that by changing the URL prefix in this way, the Rational DOORS for Rational Quality Manager Interface no longer works, since that integration depends on the "doors" URL prefix.
Bottom line, http:8080 works fine. https:8443 doesn't work at all, even at localhost.
If you have it working, perhaps you could post your config files that were modified.
Windows Server 2008
This topic has been locked.
6 replies Latest Post - 2013-02-15T00:17:44Z by SystemAdmin
Pinned topic DWA using SSL for integration with RTC
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-02-15T00:17:44Z at 2013-02-15T00:17:44Z by SystemAdmin
Re: DWA using SSL for integration with RTC2011-10-10T06:51:50Z in response to cliff.sadlerConfiguring festival.xml for secure and non –secure connections for DWA
<!-- Configurable system properties -->
<f:property name="interop.version" value="126.96.36.199"/>
<f:property name="licence.server.location" value="firstname.lastname@example.org"/>
<f:property name="display.redirector.urls" value="true"/>
<f:property name="published.url.prefix" value="https://rdsw2k3s-195.in.ibm.com:8443/doors/redirector/"/>
<f:property name="ForceHttpsForAuthenticationForOAuth" value="true"/>
<f:property name="oauth.domain" value="https://rdsw2k3s-195.in.ibm.com:8443/dwa"/>
Note: - If DWA is configured for secure connection in festival.xml file, a connector port and Certificate is required.
1. Go to DOORS WEB ACCESS INSTALLATION PATH\server folder.
2. Create a folder called “ssl”.
3. Generate Self Signed Certificate for the machine where DOORS Web Access server is running
Note: - Use the following commands to generate ssl certificate
Open Command prompt
Go to DOORS WEB ACCESS INSTALLATION PATH\win32\ibm-java2-i386-50\jre\bin
Replace values as required and run the commands below. Password is ibm-team and the alias to be name of the machine where tomcat is running without the domain details.
keytool -genkey -keyalg RSA -keysize 1024 –dname "CN=<FullyQualifiedHostname>, OU=DWA, O=IBM, L=bangalore, C=IN" -validity 365 -storepass ibm-team -keystore DOORS WEB ACCESS INSTALLATION PATH\server\ssl\ibm-team-ssl.keystore -keypass ibm-team -alias <Hostname>
keytool -selfcert -dname "CN==<FullyQualifiedHostname>, OU=DWA, O=IBM, L=bangalore, C=IN" -validity 365 -storepass ibm-team -keystore DOORS WEB ACCESS INSTALLATION PATH\server\ssl\ibm-team-ssl.keystore -alias <Hostname>
4. Go to DOORS WEB ACCESS INSTALLATION PATH\server\conf folder
5. Open server.xml file
Amend the following changes in “Define a SSL HTTP/1.1 Connector on port 8443”
keystoreFile="DOORS Web Access Installation path\server\ssl\ibm-team-ssl.keystore"
6. Save and close the file
Note: - Please make sure that KeystoreFile location matches with location of certificate
Configuring doorsRedirector.properties file
1. Go to DOORS WEB ACCESS INSTALLATION PATH\\server\festival\config folder.
2. Open doorsRedirector.properties file.
3. Replace "MY_DWA_HOSTNAME" in the file with the fully Qualified Hostname of DWA server.
Figure 4:- Configure redirector properties
<comment>Configuration written: Tue Sep 13 11:40:23 GMT+05:30 2011</comment>
4. Replace "MY_DOORS_DATABASE_HOSTNAME" in the file with the fully Qualified Hostname of DOORS database server and change port 8080 to 8443 if you are configuring secure connection, else leave as it is.
5. Save and close the file.
For more details check this link
Re: DWA using SSL for integration with RTC2012-11-11T08:42:34Z in response to SystemAdminHi,
the keytool -genkey does not seem to work.
we tried keytool -genkeypair
we tried to put the installation path in quotation marks
No keystore files is being created.
Re: DWA using SSL for integration with RTC2013-01-24T17:16:22Z in response to SystemAdminI've used these instructions several times before and they've always worked perfectly. I'm trying to set up a DWA v9.5 server now and am having a problem when trying to connect to DWA using https. Connecting to DWA using http works fine.
"SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)"
is displayed in Firefox when attempting to access DWA from a browser on the server with DWA. I'm running on Red Hat Linux. I've checked and re-checked these configuration instructions and don't see anything not right. I've also googled the error message but none of the fixes seem to be related to how Tomcat is used for DWA. Other https connections on this server like the JTS are working.
Any suggestions as to what might be wrong?
Re: DWA using SSL for integration with RTC2013-02-15T00:17:44Z in response to SystemAdminThe solution to this issue is described in tech note http://www-01.ibm.com/support/docview.wss?uid=swg21504480. My particular issue was that I had specified the SSLEnabled keyword as sslEnabled (note difference in capitalization).