Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How install certificate in Jazz CLM + JAS environment

Questions
Tags
Users
Badges
Dmitry A. Lesin
(24826996) edited
Apr 22 '20, 2:31 a.m.

Hello!
Sorry, I'm not a big expert in installation of certificates, and I can not understand how properly do it. I have environment where enabled SSO and installed next solutions:
1. Jazz CLM (everything - RDNG, RQM, RTC, etc) v6.0.6.1, based on Liberty/Derby
2. Jazz Authorization Server v6.0.6.1, based on Liberty/Derby

My goal is install certificate generated with certbot and got from letsencrypt.org. Earlier, I was always doing next:
1. Generate new certificate or update an existing one with certbot
2. Exporting it to key.p12
3. Updating the existing certificate in the key datastore of Jazz CLM Liberty profile performing something like next:

sudo openssl pkcs12 -export -out keyin full.p12 -in /etc/letsencrypt/live/jazz.DOMAIN.com/fullchain.pem -name default -inkey /etc/letsencrypt/live/jazz.DOMAIN.com/privkey.pem -password pass:123456


But now I'm in full misunderstanding. Could somebody explain me in simple words what I must to do? Must I update it for JAS Liberty only, or for both Liberty profiles in Jazz CLM and JAS, or do something else. The problem is that the old procedure described above doesn't work anymore. Sorry, I don't understand the sense of the action that must be done, so it can be enough for me general explanation without deep technical details.
Thank you very much for any help!

0 votes

1 answer
2,172 views
0 votes

Accepted answer

Permanent link
Shradha Srivastav
(348413) edited
Apr 22 '20, 5:22 a.m.
Hi Dmitry,

You can refer below link for the steps to install and configure certificates.


Also, if JAS and JTS is not behind IBM HTTP Server (IHS) you need to install certificates for both JAS (Liberty) and CLM (Liberty). If its behind IHS then IHS needs to be configured with CA certificates, You could chose to skip configuring CA certificates to the Applications behind IHS

Hope it answers your question.

Regards,
Shradha

Dmitry A. Lesin selected this answer as the correct answer

1 vote

Comments
Dmitry A. Lesin
Apr 22 '20, 3:36 a.m.
Hi Shradha,
Sorry, but the link that you pointed is asking for additional credentials in a popup windows, following just for the page with registration by Jazz user ID. As if the page is closed and designed for internal usage only. Do you know something about that? Is it temporarily limited, or is there a limited only access to it?
Thank you!

Dmitry A. Lesin
Apr 22 '20, 3:39 a.m.
If found, your link works by:


Shradha Srivastav
Apr 22 '20, 5:23 a.m.

Just noticed the URL was not correct, updated the same.

Dmitry A. Lesin
Apr 22 '20, 6:46 a.m.
Hi Shradha,
Thank you very much! Both Liberty server must be really configured with the same certificates and it will work. You helped me very much today taking into account a very hard deadline for this work.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,566
× 2,370
× 1,396
× 36
× 31

Question asked: Apr 22 '20, 2:30 a.m.

Question was seen: 2,172 times

Last updated: Apr 22 '20, 6:46 a.m.

Confirmation Cancel Confirm