Configuring Jetty 8.1.3 to run in HTTPS/SSL mode

After deploying Rational® Change on Jetty 8.1.3, you must configure Jetty to run in HTTPS/SSL mode.

Procedure

  1. Generate the keystore.

    From the JRE_HOME/bin directory, run this command:

    keytool -genkey -keystore "$JETTY_HOME/etc/rc.keystore" -alias angler -keyalg RSA

    This command requires information about the certificate and passwords to protect both the keystore and the keys within it. You must provide the hostname from the Rational Change server URL. By default, Rational Change 5.2 or 5.3 is set up to use the IP address of the machine for the hostname in the generated URLs. If the generated links use 192.168.10.10, enter this value at the "first and last name" prompt. Doing so ensures that the key is issued to the URL of the website, which stops browsers from displaying an error message that the key and site name do not match.

    For example:

    Enter keystore password: choose a password
    What is your first and last name?
    [Unknown]: 192.168.10.10
    What is the name of your organizational unit?
    [Unknown]: Development
    What is the name of your organization?
    [Unknown]: Rational
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit?
    [Unknown]:
    Is CN=192.168.10.10, OU=Development, O=Rational, L=Unknown,
    ST=Unknown, C=Unknown correct?
    [no]: yes
    
    Enter key password for <angler>
    (RETURN if same as keystore password): choose a password
  2. In the jetty.xml file, configure the keystore.

    Replace these tags:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
          <Set name="host"><Property name="jetty.host" /></Set>
          <Set name="port"><Property name="jetty.port" default="8888"/></Set>
          <Set name="maxIdleTime">300000</Set>
          <Set name="Acceptors">2</Set>
          <Set name="statsOn">false</Set>
          <Set name="confidentialPort">8443</Set>
          <Set name="lowResourcesConnections">20000</Set>
          <Set name="lowResourcesMaxIdleTime">5000</Set>
        </New>
      </Arg>
    </Call>

    With these tags and the correct keystore path and password:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Arg>
            <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
              <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/rc.keystore</Set>
              <Set name="keyStorePassword">password</Set>
              <Set name="keyManagerPassword">password</Set>
              <Set name="trustStore"><SystemProperty name="jetty.home" default="."/>/etc/rc.keystore</Set>
              <Set name="trustStorePassword">password</Set>
            </New>
          </Arg>
          <Set name="port">8443</Set>
          <Set name="maxIdleTime">30000</Set>
        </New>
      </Arg>
    </Call>
  3. Update the web.xml file in the JETTY_HOME/webapps/context/WEB-INF/ directory.

    In this section, change http to https. If necessary, change the port number.

    <context-param>
    <param-name>protocol</param-name>
    <param-value>http</param-value>
    </context-param>
    <context-param>
    <param-name>port</param-name>
    <param-value>8600</param-value>
    </context-param>
  4. If you are using a central-to-remote configuration, configure your system to use HTTPS between servers in Central Server mode.
  5. For Solaris, add the following line to the beginning of the jetty.sh file in the JETTY_HOME/bin/ directory:

    JAVA_OPTIONS="-Djetty.home=$JETTY_HOME -Djetty.log=$JETTY_LOG -Djava.protocol.handler.pkgs=com.ibm.net.ssl.www2.protocol -Xms128m -Xmx512m -server $JAVA_OPTIONS"

  6. Start Jetty 8.1.3.
    1. Set the environment variable JRE_HOME to point to the JRE that is shipped and installed with Rational Synergy.
    2. From JETTY_HOME, run the java -jar start.jar command.
  7. Enable the server logs by starting Jetty with the following arguments:

    java -jar start.jar etc/jetty-logging.xml jetty-debug.xml
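
A consistency check for steps 2 and 3, added here as an example and not part of the original procedure or of Rational Change: it confirms that jetty.xml defines the SSL connector, that the keystore passwords are no longer the literal placeholder shown in step 2, and that the protocol and port in web.xml match the connector. The function names and both XML samples are constructed for illustration, and the port comparison assumes that clients reach Jetty directly on the connector port.

```python
import xml.etree.ElementTree as ET

SSL_CONNECTOR = "org.eclipse.jetty.server.ssl.SslSelectChannelConnector"
# Constructed sample: the step 2 connector inside a minimal jetty.xml root.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
   <Arg><New class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/rc.keystore</Set>
    <Set name="keyStorePassword">password</Set>
    <Set name="keyManagerPassword">password</Set>
   </New></Arg>
   <Set name="port">8443</Set>
  </New>
 </Arg></Call>
</Configure>"""

# Constructed sample: step 3 web.xml with protocol updated but the port left at 8600.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <context-param><param-name>protocol</param-name><param-value>https</param-value></context-param>
 <context-param><param-name>port</param-name><param-value>8600</param-value></context-param>
</web-app>"""

def local(elem):
    """Tag name without the XML namespace that web.xml usually declares."""
    return elem.tag.rsplit("}", 1)[-1]

def check_https_config(jetty_xml, web_xml):
    """Return a list of findings; an empty list means steps 2 and 3 agree."""
    connector = next((n for n in ET.fromstring(jetty_xml).iter("New")
                      if n.get("class") == SSL_CONNECTOR), None)
    if connector is None:
        return ["jetty.xml: no SslSelectChannelConnector is configured"]
    findings = []
    # Direct <Set> children configure the connector; nested ones the SslContextFactory.
    ssl_port = next(((s.text or "").strip() for s in connector.findall("Set")
                     if s.get("name") == "port"), None)
    for s in connector.iter("Set"):
        if s.get("name", "").endswith("Password") and (s.text or "").strip() == "password":
            findings.append("jetty.xml: %s is still the placeholder value" % s.get("name"))
    params = {}
    for cp in (e for e in ET.fromstring(web_xml).iter() if local(e) == "context-param"):
        kv = {local(c): (c.text or "").strip() for c in cp}
        params[kv.get("param-name")] = kv.get("param-value")
    if params.get("protocol") != "https":
        findings.append("web.xml: protocol is %r, expected 'https'" % params.get("protocol"))
    if params.get("port") != ssl_port:
        findings.append("web.xml: port %s != SSL connector port %s" % (params.get("port"), ssl_port))
    return findings
```

Pass the contents of the real jetty.xml and web.xml files to check_https_config() before starting Jetty; for the constructed samples it reports the two placeholder passwords and the 8600/8443 port mismatch.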

