Configuring
Learn how to further configure IBM® watsonx Code Assistant™ for Z Refactoring Assistant to run it securely.
As described in the previous Getting started topic, you can perform a quick start with Z Refactoring Assistant for evaluation purposes. However, in a production environment, it is recommended that you perform the following additional steps to run Z Refactoring Assistant securely:
-
On the Z Refactoring Assistant host, run the preparatory step to generate the certificates to authenticate Z Refactoring Assistant with IBM AD Configuration Server. Open a terminal window and run the following command:
./start.sh --prepare-only /path/to/certificates
-
In the
/path/to/certificates
directory, a self-signed certificate namedroot.crt
is generated from the preparatory step. Copy this certificate to the IBM ADDI host where IBM AD Configuration Server is running, and import it into thetruststore
file that ADDI uses.- Navigate to the path of
truststore
file from the Command Prompt by running the following command:
Replacecd C:\<location_of_truststore>
<location_of_truststore>
with the actual path where yourtruststore
file is stored. - Import the certificate by running the following command:
keytool -importcert -alias ad-core-server -keystore <truststore>.p12 -storetype PKCS12 -storepass <password> -file root.crt
- Navigate to the path of
-
Restart the IBM AD Configuration Server.
- Obtain the ADDI server certificate and copy it
to the host where Z Refactoring Assistant is running.Note: If ADDI is configured to utilize its own generated certificate, its location is
<ADDI install location>\security\self_signed_server_certificate.<DATE_TIME>.crt
- Copy the ADDI certificate to the directory
/etc/pki/ca-trust/source/anchors on the Linux® and run the following command.
update-ca-trust
Note: If the AD database is on a different server and uses a self-signed certificate, copy the certificate to the /etc/pki/ca-trust/source/anchors directory as well before you run theFor more information, see Red Hat Documentation.update-ca-trust
command. -
Note: Skip this step if IBM AD Configuration Server is configured to communicate without a certificate.Note: If you are not able to read the content of the zookeeper.crt file, then place the file (ensure the certificate is named as zookeeper.crt) in the directory instead of creating a symlink.In the /path/to/certificates directory, run the following command to create the symlink:
Replaceln -s /etc/pki/ca-trust/source/anchors/<the_certificate> zookeeper.crt
<the_certificate>
with the ADDI certificate that you copied from the previous step. -
Obtain a properly signed certificate and private key for Z Refactoring Assistant itself. Place those files in the
/path/to/certificates
directory as well:Name Description refactoring-assistant-ui.crt
Certificate for Z Refactoring Assistant refactoring-assistant-ui.key
Private key for the certificate If no certificate and key is provided, Z Refactoring Assistant generates a self-signed certificate to use.