It's all about the answers!

Ask a question

How install certificate in Jazz CLM + JAS environment


Dmitry A. Lesin (23423373) | asked Apr 22 '20, 2:30 a.m.
edited Apr 22 '20, 2:31 a.m.

Hello!
Sorry, I'm not a big expert in installation of certificates, and I can not understand how properly do it. I have environment where enabled SSO and installed next solutions:
1. Jazz CLM (everything - RDNG, RQM, RTC, etc) v6.0.6.1, based on Liberty/Derby
2. Jazz Authorization Server v6.0.6.1, based on Liberty/Derby

My goal is install certificate generated with certbot and got from letsencrypt.org. Earlier, I was always doing next:
1. Generate new certificate or update an existing one with certbot
2. Exporting it to key.p12
3. Updating the existing certificate in the key datastore of Jazz CLM Liberty profile performing something like next:

sudo openssl pkcs12 -export -out keyin full.p12 -in /etc/letsencrypt/live/jazz.DOMAIN.com/fullchain.pem -name default -inkey /etc/letsencrypt/live/jazz.DOMAIN.com/privkey.pem -password pass:123456


But now I'm in full misunderstanding. Could somebody explain me in simple words what I must to do? Must I update it for JAS Liberty only, or for both Liberty profiles in Jazz CLM and JAS, or do something else. The problem is that the old procedure described above doesn't work anymore. Sorry, I don't understand the sense of the action that must be done, so it can be enough for me general explanation without deep technical details.
Thank you very much for any help!

Accepted answer


permanent link
Shradha Srivastav (34839) | answered Apr 22 '20, 2:51 a.m.
edited Apr 22 '20, 5:22 a.m.
Hi Dmitry,

You can refer below link for the steps to install and configure certificates.


Also, if JAS and JTS is not behind IBM HTTP Server (IHS) you need to install certificates for both JAS (Liberty) and CLM (Liberty). If its behind IHS then IHS needs to be configured with CA certificates, You could chose to skip configuring CA certificates to the Applications behind IHS

Hope it answers your question.

Regards,
Shradha

Dmitry A. Lesin selected this answer as the correct answer

Comments
Dmitry A. Lesin commented Apr 22 '20, 3:36 a.m.
Hi Shradha,
Sorry, but the link that you pointed is asking for additional credentials in a popup windows, following just for the page with registration by Jazz user ID. As if the page is closed and designed for internal usage only. Do you know something about that? Is it temporarily limited, or is there a limited only access to it?
Thank you!


Dmitry A. Lesin commented Apr 22 '20, 3:39 a.m.

Shradha Srivastav commented Apr 22 '20, 5:23 a.m.

Just noticed the URL was not correct, updated the same.


Dmitry A. Lesin commented Apr 22 '20, 6:46 a.m.
Hi Shradha,
Thank you very much! Both Liberty server must be really configured with the same certificates and it will work. You helped me very much today taking into account a very hard deadline for this work.

Your answer


Register or to post your answer.