How to run Rational DOORS in secure mode.

Hello all,

I want to explore Rational DOORS functionality by opening DOORS in a secure mode.

Also, I want to know if the DXL scripts written for the non-secure mode behave differently in the secure mode of DOORS ?

Please guide me if anybody has a clue.

Thanks in advance.

> Akshay.
SystemAdmin - Mon Oct 11 08:07:49 EDT 2010

Re: How to run Rational DOORS in secure mode.
llandale - Thu Oct 14 14:29:39 EDT 2010

Never heard of 'Secure Mode'. If you know of a reference to it please point me to it.

Since I've never heard of it then I'm confident that DXL will indeed work the same; unless perhaps if that DXL does API communication, which is considered taboo in 'secure mode'.

  • Louie

Re: How to run Rational DOORS in secure mode.
SystemAdmin - Fri Oct 15 04:37:03 EDT 2010

llandale - Thu Oct 14 14:29:39 EDT 2010
Never heard of 'Secure Mode'. If you know of a reference to it please point me to it.

Since I've never heard of it then I'm confident that DXL will indeed work the same; unless perhaps if that DXL does API communication, which is considered taboo in 'secure mode'.

  • Louie

Hi Louie,

Thanks for the reply.

The help documentation of DOORS-9.3 states this perticular aspect of securing communication between Server and Client of DOORS.

You can refer this link for DOORS-9.3 help file:
Link: http://publib.boulder.ibm.com/infocenter/doorshlp/v9/index.jsp

In this help file there is a topic for "Security using TLS (Transport Layer Security) certificates" which elaborates this topic as:
Rational DOORS now provides secure encrypted communication between the Rational DOORS client and the Rational DOORS server using Transport Layer Security (TLS).
TLS functions are provided to Rational DOORS by IBM GSKIT.
By default, Rational DOORS is installed with TLS certificates that are ready to use. The certificates offer a quick and easy way to implement a secure system.

Although, this clear mention of sucurity is there, I am not able to understand how to activate it and there is also no adequate documentation for GSKit.

Any help would be much appreciated.

Thanks again.

> Akshay.

Re: How to run Rational DOORS in secure mode.
SystemAdmin - Fri Oct 15 05:22:30 EDT 2010

SystemAdmin - Fri Oct 15 04:37:03 EDT 2010
Hi Louie,

Thanks for the reply.

The help documentation of DOORS-9.3 states this perticular aspect of securing communication between Server and Client of DOORS.

You can refer this link for DOORS-9.3 help file:
Link: http://publib.boulder.ibm.com/infocenter/doorshlp/v9/index.jsp

In this help file there is a topic for "Security using TLS (Transport Layer Security) certificates" which elaborates this topic as:
Rational DOORS now provides secure encrypted communication between the Rational DOORS client and the Rational DOORS server using Transport Layer Security (TLS).
TLS functions are provided to Rational DOORS by IBM GSKIT.
By default, Rational DOORS is installed with TLS certificates that are ready to use. The certificates offer a quick and easy way to implement a secure system.

Although, this clear mention of sucurity is there, I am not able to understand how to activate it and there is also no adequate documentation for GSKit.

Any help would be much appreciated.

Thanks again.

> Akshay.

Reading the help for 9.3 in this page there are mentions of command line switches for DOORS client and DOORS server to start in secure mode. So you use these switches to enable encryption for client - server communications, but how it really works and how to use certificates is not documented. Maybe IBM DOORS Support could help you go forward?

For the IBM GSKIT our friend Google finds quite a lot of documentation, but those go way over my head because I do do not see how those would help in configuring DOORS.

Re: How to run Rational DOORS in secure mode.
SystemAdmin - Wed Oct 27 15:45:33 EDT 2010

Hi *,

DOORS 9.3.0.0 has two big security features/changes: DXL Security and Secure Mode

DXL-Security

When this is enabled only script from trusted locations are avaiable in the DOORS menĂ¼. All reg-keys and command line switches (-addins, -project, ...) are disabled. This feature allows the IT department to control which scripts can be executed on productive environments. Its also not possible to use #include-paths that point to files outsite of the trusted locations. The trusted locations are defined within DOORS for the database. You can define the path(s) to the addins, project, layout and attribute extensions. Also its possible to define a path from which the batch script / cron jobs can be run.

Changes to script behavoiur is normaly not existing, if all dxl/inc files are within the trusted location.

Secure Mode

This is secure transmission between client and server. Its based on certifcates on client and server. If the DB is set up for Secure-Mode, only clients can connect that have the correct certficate. I wrote some more details in another replay (search for PKI in this forum).

Kind regards

Martin