How to request and configure an SSL cerificate for CLM 501 running Apache Tomcat
Hi,
Currently we are in the process of migrating the existing CLM 501 environment on to a new hardware.
In the current server we noticed that in the directory - C:\Program Files\IBM\JazzTeamServer\server\tomcat
There is a file - ibm-team-ssl.keystore that come along with the installation
Also noticed two new files - Look like these files are obtained from the self signed certificate authority
abc-team-ssl.jks and abc-team-ssl.jks.qer
What we are trying to find out is - Do we need to generate some files from Apache Tomcat and sent to Identity Management Team for getting it signed.
Note: In websphere there is way we can generate a file then sent it to the identity management team and import the signed certificate back into WAS. Following this way can get pass the browser exception error.
11 answers
Hi Team,
Finally I only figured out based on my testing against staging server.
Note that we would need separate certificate (Signed by CA) for each application server.
The process go as below
1. Hope you have received signed certificate back from your CA keep it in a folder.
2. Launch the ikeyman.exe tool and open the key.jks file by typing the password given at the time of creation.
3.In the certificate folder where you have stored the signed certificates received from CA you will find one with the host name.
4. Under personal certificate option from ikeyman click on Receive and choose only the hostname one.
4. The next step would be to choose option Signer Certificate from the drop down and Click on ADD to add all the certificate including the first one.
5. Now if you verify the key.jks file size which might have increased.
6. The final step would be is to edit the server.xml file and replace the default key - ibm-team-ssl.keystore with .jks file and the password.
7. Restart the tomcat services will help you to get rid of security exception in webbrowser.
page 2of 1 pagesof 2 pages