IBM Support

Configuring Rational Directory Administrator for TLS 1.2 HTTPS encryption

How To


Summary

IBM Rational Directory Administrator (RDA), the web front end for Rational Directory Server (RDS), can be configured to serve content over HTTPS with TLS 1.2 encryption. Additional configuration steps are required to achieve this.

Objective

Configure RDA to use TLS 1.2

Environment

Windows or Linux machine running RDA

Steps

To run RDA with TLS 1.2, follow the steps below in addition to the documented steps for running RDA with SSL.

1. In the server.xml file, add the following lines for TLSv1.2 below the "featureManager" tag:
<ssl id="defaultSSLConfig"
   sslProtocol="TLSv1.2"/>

The resulting configuration will look like this:

<featureManager>
     <feature>jsp-2.2</feature>
     <feature>ssl-1.0</feature>   
</featureManager>

<ssl id="defaultSSLConfig"
   sslProtocol="TLSv1.2"/>

2. Restart the RDA (WLP) server

3. In Internet Explorer, enable the 'Use TLS 1.2' option as follows:

                3.1 Open Internet Explorer

                3.2 Go to Tools

                3.3 Go to Internet options

                3.4 Go to Advanced

                3.5 In the Security section, enable "Use TLS 1.2"

4. Now check the UI over HTTPS. It should run with TLS 1.2.

Additional Information

Prerequisites:
Complete the following steps first (enabling SSL):

1. Stop the RDA (WLP) server using the command below (the example uses Windows; on Linux, use the corresponding paths and server.sh):

                C:\Program Files (x86)\ibm\Rational\RDA_6.0.0.2\WebAppsServer\WLP_8.5.5.2\bin>server.bat stop              

2. Create SSL certificates, or use appropriate corporate certificates (the example uses Windows; on Linux, use the corresponding paths and commands):

                Go to C:\Program Files (x86)\IBM\Rational\RDA_6.0.0.2\WebAppsServer\WLP_8.5.5.2\bin>

                Run the command below (adjust the parameters to your own requirements):

                securityUtility createSSLCertificate --server=defaultServer --password=Tlogic1234

                              

3. Verify that the file key.jks was created under resources\security:

                When the command in step 2 runs, it displays the line below, which contains the location where key.jks is created.

                Creating keystore C:\RDS_Work\defaultServer\resources\security\key.jks

4. Add the following lines to server.xml (located in C:\Program Files (x86)\IBM\Rational\RDA_6.X\WebAppsServer\WLP_8.X\usr\servers\defaultServer\) to enable SSL:

                <featureManager>
                    <feature>ssl-1.0</feature>
                </featureManager>

                <httpEndpoint id="defaultHttpEndpoint"
                    host="<RDS Host name>"
                    httpPort="8086"
                    httpsPort="9443" />

                <keyStore id="defaultKeyStore" password="<password>" location="<keystore_path_determined_in_step_3>" />

5. Restart the RDA (WLP) server and access it at https://<RDA_Hostname>:9443/webrda/rda.
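
A pre-restart check for the server.xml settings from the Steps and Prerequisites sections above, as an added example that is not IBM's code: it parses the file and reports which of the page's settings are missing or different. The function name check_server_xml, the sample host name and the placeholder password are assumptions made for this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the page's SSL and TLS 1.2 snippets merged under Liberty's
# <server> root. Host name, password and keystore path are placeholders.
SAMPLE = """<server description="constructed sample">
  <featureManager>
    <feature>jsp-2.2</feature>
    <feature>ssl-1.0</feature>
  </featureManager>
  <ssl id="defaultSSLConfig" sslProtocol="TLSv1.2"/>
  <httpEndpoint id="defaultHttpEndpoint" host="rda.example.test"
                httpPort="8086" httpsPort="9443"/>
  <keyStore id="defaultKeyStore" password="PLACEHOLDER"
            location="C:/RDS_Work/defaultServer/resources/security/key.jks"/>
</server>"""


def check_server_xml(xml_text, required="TLSv1.2"):
    """Return a list of findings; an empty list means every step is in place."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unfilled placeholder such as host="<RDS Host name>" lands here.
        return [f"server.xml is not well-formed XML: {exc}"]
    findings = []
    features = {(f.text or "").strip() for f in root.iter("feature")}
    if "ssl-1.0" not in features:
        findings.append("feature ssl-1.0 is not enabled")
    ssl_cfg = [e for e in root.iter("ssl") if e.get("id") == "defaultSSLConfig"]
    if not ssl_cfg:
        findings.append("no <ssl id='defaultSSLConfig'> element: sslProtocol is not pinned")
    elif ssl_cfg[0].get("sslProtocol") != required:
        findings.append(f"sslProtocol is {ssl_cfg[0].get('sslProtocol')!r}, expected {required!r}")
    if not any(e.get("httpsPort") for e in root.iter("httpEndpoint")):
        findings.append("no httpEndpoint defines httpsPort")
    stores = [e for e in root.iter("keyStore") if e.get("id") == "defaultKeyStore"]
    if not stores or not stores[0].get("location") or not stores[0].get("password"):
        findings.append("keyStore defaultKeyStore is missing or lacks location/password")
    return findings


if __name__ == "__main__":
    # Usage: python check_rda_tls.py path/to/server.xml (no argument checks SAMPLE)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems = check_server_xml(text)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

The script exits with status 1 when any finding is reported, so it can gate the restart in step 2 of the Steps section.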

Document Location

Worldwide

Operating System

Cross Brand:All operating systems listed


Product Synonym

Rational Directory Administrator;RDA;RDS GUI

Document Information

Modified date:
05 August 2020

UID

ibm16114004