Topic
6 replies Latest Post - ‏2013-02-15T00:17:44Z by SystemAdmin
cliff.sadler
cliff.sadler
17 Posts
ACCEPTED ANSWER

Pinned topic DWA using SSL for integration with RTC

‏2011-10-05T15:32:42Z |
While were at it, has anyone successfully setup DOORS Web Access to use SSL?

The instructions are somewhat cryptic, starting with "Setup Tomcat to use SSL. See their instructions"
Then, it talks about a few settings in the server.xml and festival.xml
I have found a number of "setup instructions" for Tomcat, and have also looked at some white papers on
configuring DOORS with Rational Team Concert (this is actually the goal), and they all conflict with each other.
Here's the link to the paper:
http://www.ibm.com/developerworks/rational/library/integrate-rational-doors-and-rational-team-concert-change-management/index.html?ca=drs-

What I find interesting is that all screen shots show DWa using http, yet the release notes for DWA 1.4.0.4 say this:
Limitations
URL Formats and the Rational DOORS for Rational Quality Manager Interface
The Rational DOORS URL format can be changed to have the prefix "http" or "https" (rather than "doors"). Setting this URL format is required in order to use the Redirector Service, an optional service that allows users to choose whether to open Rational DOORS URLs in a standard Rational DOORS client or in a web client, and it is also required in order to use OSLC web services to integrate Rational DOORS with Rational Team Concert. However, it should be noted that by changing the URL prefix in this way, the Rational DOORS for Rational Quality Manager Interface no longer works, since that integration depends on the "doors" URL prefix.

Bottom line, http:8080 works fine. https:8443 doesn't work at all, even at localhost.
If you have it working, perhaps you could post your config files that were modified.
Windows Server 2008
DOORS 9.3.0.4
DWA 1.4.0.4
Java jre6
Updated on 2013-02-15T00:17:44Z at 2013-02-15T00:17:44Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    346 Posts
    ACCEPTED ANSWER

    Re: DWA using SSL for integration with RTC

    ‏2011-10-10T06:51:50Z  in response to cliff.sadler
    Configuring festival.xml for secure and non –secure connections for DWA

    <!-- Configurable system properties -->
    <f:properties>
    <f:property name="interop.version" value="9.3.0.4"/>
    <f:property name="licence.server.location" value="19353@9.124.109.195"/>
    <f:property name="display.redirector.urls" value="true"/>
    <f:property name="published.url.prefix" value="https://rdsw2k3s-195.in.ibm.com:8443/doors/redirector/"/>
    <f:property name="ForceHttpsForAuthenticationForOAuth" value="true"/>
    <f:property name="oauth.domain" value="https://rdsw2k3s-195.in.ibm.com:8443/dwa"/>
    </f:properties>

    Configuring SSL
    Note: - If DWA is configured for secure connection in festival.xml file, a connector port and Certificate is required.

    1. Go to DOORS WEB ACCESS INSTALLATION PATH\server folder.
    2. Create a folder called “ssl”.
    3. Generate Self Signed Certificate for the machine where DOORS Web Access server is running

    Note: - Use the following commands to generate ssl certificate

    Open Command prompt
    Go to DOORS WEB ACCESS INSTALLATION PATH\win32\ibm-java2-i386-50\jre\bin
    Replace values as required and run the commands below. Password is ibm-team and the alias to be name of the machine where tomcat is running without the domain details.

    keytool -genkey -keyalg RSA -keysize 1024 –dname "CN=<FullyQualifiedHostname>, OU=DWA, O=IBM, L=bangalore, C=IN" -validity 365 -storepass ibm-team -keystore DOORS WEB ACCESS INSTALLATION PATH\server\ssl\ibm-team-ssl.keystore -keypass ibm-team -alias <Hostname>

    keytool -selfcert -dname "CN==<FullyQualifiedHostname>, OU=DWA, O=IBM, L=bangalore, C=IN" -validity 365 -storepass ibm-team -keystore DOORS WEB ACCESS INSTALLATION PATH\server\ssl\ibm-team-ssl.keystore -alias <Hostname>

    4. Go to DOORS WEB ACCESS INSTALLATION PATH\server\conf folder
    5. Open server.xml file

    Amend the following changes in “Define a SSL HTTP/1.1 Connector on port 8443”

    <Connector URIEncoding="UTF-8"
    clientAuth="false"
    port="8443"
    minSpareThreads="5"
    maxSpareThreads="75"
    enableLookups="true"
    disableUploadTimeout="true"
    acceptCount="100"
    maxThreads="200"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="DOORS Web Access Installation path\server\ssl\ibm-team-ssl.keystore"
    keystorePass="ibm-team"
    SSLVerifyClient="none"
    SSLEngine="on"
    SSLVerifyDepth="2"
    sslProtocol="TLS"
    algorithm="IbmX509"
    compression="on"
    noCompressionUserAgents="gozilla, traviata"
    compressableMimeType="text/html,text/xml,text/css,text/plain,text/javascript,application/javascript,application/x-javascript"
    />

    6. Save and close the file

    Note: - Please make sure that KeystoreFile location matches with location of certificate

    Configuring doorsRedirector.properties file

    1. Go to DOORS WEB ACCESS INSTALLATION PATH\\server\festival\config folder.
    2. Open doorsRedirector.properties file.
    3. Replace "MY_DWA_HOSTNAME" in the file with the fully Qualified Hostname of DWA server.

    Figure 4:- Configure redirector properties

    <properties>
    <comment>Configuration written: Tue Sep 13 11:40:23 GMT+05:30 2011</comment>
    <entry key="dwa.url.prefix">https://rdsw2k3s-195.in.ibm.com:8443/dwa</entry>
    <entry key="doors.enable">true</entry>
    <entry key="doors.url.prefix">doors://rdsw2k3s-195.in.ibm.com:36677/</entry>
    <entry key="dwa.enable">true</entry>
    </properties>

    4. Replace "MY_DOORS_DATABASE_HOSTNAME" in the file with the fully Qualified Hostname of DOORS database server and change port 8080 to 8443 if you are configuring secure connection, else leave as it is.
    5. Save and close the file.

    For more details check this link
    https://www.ibm.com/developerworks/mydeveloperworks/blogs/SrinivasMandava/?lang=en
    • cliff.sadler
      cliff.sadler
      17 Posts
      ACCEPTED ANSWER

      Re: DWA using SSL for integration with RTC

      ‏2011-10-11T19:34:58Z  in response to SystemAdmin
      Very complete. Thank you. Every piece I have looked at has different settings, but the common ones got the job done.
    • SystemAdmin
      SystemAdmin
      346 Posts
      ACCEPTED ANSWER

      Re: DWA using SSL for integration with RTC

      ‏2012-11-11T08:42:34Z  in response to SystemAdmin
      Hi,

      the keytool -genkey does not seem to work.

      we tried keytool -genkeypair
      we tried to put the installation path in quotation marks

      No keystore files is being created.

      Suggestions?

      thanks,
      Naseem
    • SystemAdmin
      SystemAdmin
      346 Posts
      ACCEPTED ANSWER

      Re: DWA using SSL for integration with RTC

      ‏2013-01-24T17:16:22Z  in response to SystemAdmin
      I've used these instructions several times before and they've always worked perfectly. I'm trying to set up a DWA v9.5 server now and am having a problem when trying to connect to DWA using https. Connecting to DWA using http works fine.

      The message
      
      "SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)"
      

      is displayed in Firefox when attempting to access DWA from a browser on the server with DWA. I'm running on Red Hat Linux. I've checked and re-checked these configuration instructions and don't see anything not right. I've also googled the error message but none of the fixes seem to be related to how Tomcat is used for DWA. Other https connections on this server like the JTS are working.

      Any suggestions as to what might be wrong?
  • chungk
    chungk
    1 Post
    ACCEPTED ANSWER

    Re: DWA using SSL for integration with RTC

    ‏2011-12-01T03:44:57Z  in response to cliff.sadler
    Is it work differently on Windows Server 2008 (64bits)?