Generating an SSL certificate

Generate an SSL certificate for use in the Rational® Test Control Panel server configuration. Skip the procedure if you have your own Java™ KeyStore (.jks) to use.

Before you begin

If you are generating an SSL certificate for the first time, skip this paragraph; else, ensure that you remove any older versions of the key store by doing the following:
  1. Stop Rational Test Control Panel.
  2. Go to C:\Program Files\IBM\RationalTestControlPanel\usr\servers\RTCPServer\resources\security on Windows computers or /opt/IBM/RationalTestControlPanel/usr/servers/RTCPServer/resources/security on non Windows computers and remove the key.jks file.

Procedure

  1. Open a command prompt or a terminal window and go to the bin folder in the Rational Test Control Panel installation. Typically, on Windows computers, the path is C:\Program Files\IBM\RationalTestControlPanel\bin and on non-Windows computers, /opt/IBM/RationalTestControlPanel/bin.
  2. Run securityUtility to create an SSL certificate for the Rational Test Control Panel server by using the following command: 
    securityUtility createSSLCertificate --server=RTCPServer --password=password –-subject=”CN=hostname,OU=RTCPServer,O=companyName,C=country"
    where:
    • server (required) is the name of the Rational Test Control Panel server. Set it to RTCPServer.
    • password (required) is the password to be used in the keystore and must be at least six characters in length.
    • subject is the Distinguished Name (DN) for the certificate subject and issuer. For example, CN=localhost,OU=RTCPServer,O=ibm,C=us.
      Note:
      • The CN must be the hostname that you use to access the Rational Test Control Panel server. Make sure that this value is the same as the host name in the rtcp.base.url specified in the container.server.properties file.
      • For the certificate to be valid for multiple versions of the host name, for example, "rtcp.example.com", "rtcp", "localhost", and "192.0.2.0", use the SubjectAlternativeName (SAN) extension of the SSL certificates. For more information, see Multiple Names on One Certificate.
      • To use IP addresses instead of host names, ensure that you use the SAN extensions because certificates generated with IP addresses specified in the CN field do not work with Rational Integration Tester.
  3. Verify that the output is similar to the following snippet: 
    Creating keystore C:\Program Files\IBM\RationalTestControlPanel\usr\servers\RTCPServer\resources\security\key.jks

Created SSL certificate for server RTCPServer

Add the following lines to the server.xml to enable SSL:

<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="{xor}LW07bT0zKjo=" />
    For more information about the securityUtility tool, see WebSphere® Liberty Profile documentation.
    Note: You do not have to follow the instructions in the output that is produced by the securityUtility tool. Instead, you can follow the instructions in the What to do next section.

What to do next

Enable the Rational Test Control Panel server to use SSL. See Adding SSL feature to Rational Test Control Panel server.
Feedback