Configuring

Learn how to further configure IBM® watsonx Code Assistant™ for Z Refactoring Assistant to run it securely.

As described in the previous Getting started topic, you can perform a quick start with Z Refactoring Assistant for evaluation purposes. However, in a production environment, it is recommended that you perform the following additional steps to run Z Refactoring Assistant securely:

  1. On the Z Refactoring Assistant host, run the preparatory step to generate the certificates to authenticate Z Refactoring Assistant with IBM AD Configuration Server. Open a terminal window and run the following command:

    ./start.sh --prepare-only /path/to/certificates
  2. The preparatory step generates a self-signed certificate named root.crt in the /path/to/certificates directory. Copy this certificate to the IBM ADDI host where IBM AD Configuration Server is running, and import it into the truststore file that ADDI uses.

    1. From the Command Prompt, navigate to the directory that contains the truststore file by running the following command:
      cd C:\<location_of_truststore>
      Replace <location_of_truststore> with the actual path where your truststore file is stored.
    2. Import the certificate by running the following command:
      keytool -importcert -alias ad-core-server -keystore <truststore>.p12 -storetype PKCS12 -storepass <password> -file root.crt
  3. Restart the IBM AD Configuration Server.

  4. Obtain the ADDI server certificate and copy it to the host where Z Refactoring Assistant is running.
    Note: If ADDI is configured to utilize its own generated certificate, its location is
    <ADDI install location>\security\self_signed_server_certificate.<DATE_TIME>.crt
  5. Copy the ADDI certificate to the /etc/pki/ca-trust/source/anchors directory on the Linux® host and run the following command:
    update-ca-trust
    Note: If the AD database is on a different server and uses a self-signed certificate, copy the certificate to the /etc/pki/ca-trust/source/anchors directory as well before you run the update-ca-trust command.
    For more information, see Red Hat Documentation.
  6. In the /path/to/certificates directory, run the following command to create a symlink named zookeeper.crt that points to the ADDI certificate:
    ln -s /etc/pki/ca-trust/source/anchors/<the_certificate> zookeeper.crt
    Replace <the_certificate> with the ADDI certificate that you copied in the previous step.
    Note: Skip this step if IBM AD Configuration Server is configured to communicate without a certificate.
    Note: If you are not able to read the content of the zookeeper.crt file, place the certificate file itself in the /path/to/certificates directory (ensure that it is named zookeeper.crt) instead of creating a symlink.
  7. Obtain a properly signed certificate and private key for Z Refactoring Assistant itself. Place those files in the /path/to/certificates directory as well:

    Name                            Description
    refactoring-assistant-ui.crt    Certificate for Z Refactoring Assistant
    refactoring-assistant-ui.key    Private key for the certificate

    If no certificate and key are provided, Z Refactoring Assistant generates a self-signed certificate to use.
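
    The following pre-flight check of the /path/to/certificates directory is an added example, not part of Z Refactoring Assistant or its start.sh script. The function name check_cert_dir and the rule that the private key must be accessible to its owner only are assumptions of this example; it relies on GNU stat as found on Red Hat hosts.

```sh
#!/bin/sh
# Added example: pre-flight check of the certificate directory given to start.sh.
# check_cert_dir is a hypothetical helper, not part of Z Refactoring Assistant.
# Returns 0 when the layout matches the steps above, 1 otherwise.
check_cert_dir() {
    cdir=$1
    rc=0

    # Step 1: "./start.sh --prepare-only <dir>" generates root.crt.
    if [ ! -r "$cdir/root.crt" ]; then
        echo "FAIL: root.crt missing or unreadable; rerun the prepare step" >&2
        rc=1
    fi

    # Step 6: zookeeper.crt is normally a symlink into the system anchors
    # directory. A dangling or unreadable link is the case the note covers.
    zk="$cdir/zookeeper.crt"
    if [ -L "$zk" ] && [ ! -e "$zk" ]; then
        echo "FAIL: zookeeper.crt is a dangling symlink" >&2
        rc=1
    elif [ -e "$zk" ] && [ ! -r "$zk" ]; then
        echo "FAIL: zookeeper.crt unreadable; copy the file instead of linking" >&2
        rc=1
    elif [ ! -e "$zk" ]; then
        echo "NOTE: no zookeeper.crt; valid only if ADDI runs without a certificate" >&2
    fi

    # Step 7: the certificate and its private key must be supplied together.
    crt="$cdir/refactoring-assistant-ui.crt"
    key="$cdir/refactoring-assistant-ui.key"
    if [ -e "$crt" ] && [ -e "$key" ]; then
        # Assumption of this example: a key with any group/other permission
        # bits is treated as a failure (GNU stat, as on RHEL).
        mode=$(stat -L -c '%a' "$key")
        case $mode in
            *00|0) ;;
            *) echo "FAIL: private key mode is $mode; restrict it to the owner" >&2
               rc=1 ;;
        esac
    elif [ -e "$crt" ] || [ -e "$key" ]; then
        echo "FAIL: only one of refactoring-assistant-ui.crt/.key is present" >&2
        rc=1
    else
        echo "NOTE: no certificate/key pair; a self-signed certificate will be used" >&2
    fi
    return $rc
}

# Usage: sh check_certs.sh /path/to/certificates
[ "$#" -eq 0 ] || check_cert_dir "$1"
```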