Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

This section is valid for RMsis 1.7.5-r.201 onwards.

In the older versions, if reverse proxy was configured, the connection from JIRA to RMsis was through the reverse proxy.

Note

A key point related to mixed use of HTTP and HTTPS.

  • Some of the browsers are now blocking HTTP calls from HTTPS pages.
  • As per some problems reported recently, the users are not able to use RMsis from recent versions of Chrome OR Firefox. 
  • A solution is to 
    • run both RMsis and JIRA on HTTPS
    • OR run both JIRA and RMsis on HTTP

HTTPS Setup Overview

RMsis comprises of two components:
  • RMsis Server, which runs independently on Tomcat
    • RMsis communicates with JIRA through the JIRA Internal URL specified in the configuration.
  • A Plugin which integrates with JIRA.
    • This plugin communicates with a specific (auto configured) port of RMsis.

It may be noted that RMsis and JIRA could be using the same JRE OR different JRE. If they are running on different JRE, adequate care should be taken to ensure that the certificates are installed at the right locations.

Installing Public Certificate for RMsis, when JIRA is running on HTTPS

If JIRA is running on HTTPS, a Public Security Certificate is expected to be installed and accessed by RMsis. For RMsis versions 1.5.2 and later, the system will automatically accept the default certificate configured for JIRA. In case of an exception, you will need to add security certificate of JIRA Server in java trust store which resides at <JRE_PATH>/lib/security/cacerts. Below is a small how-to for certificate installation.

  • Ensure that JIRA Server is running.
  • Unzip and extract InstallCert.class and InstallCert$SavingTrustManager.class to some location (from where java path is accessible). [Download ZIP]
  • Run InstallCert binary using command line.
    • $ java InstallCert <JIRA_SERVER>:<JIRA_SERVER_PORT>
    • In case you are using the default port, JIRA_SERVER_PORT parameter is optional
    • Follow the subsequent instructions in the program
  • This will create new file with name jssecacert in current directory. Just copy this file to <JRE_PATH>/lib/security/cacerts.
  • Restart JIRA and try again with RMsis.

SSL Certificate for RMsis

In order to run RMsis on SSL (over https), a certificate must be created and registered with RMsis. Please note that

  • This document assumes Tomcat, while installing the security certificate.
  • JKS is supported from RMsis 1.3.0 - r.29 onwards.
  • PKCS#11 and PKCS#12 are supported from RMsis 1.4.1 - r.43 onwards.

Generating a Self Signed Certificate

If you are using RMsis within a closed group or Intranet, you can use a self signed certificate.

Run keytool on commend line, which is available with JAVA 1.6, and enter the responses against the prompt (a sample is shown here)

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password: // Password for your java keystore, it is 'changeit' by default
What is your first and last name?
	RMSIS_SERVER // Enter fully qualified server name; for example jira-rmsis.optimizory.com
What is the name of your organizational unit?
  [Unknown]: ORG_UNIT_NAME
What is the name of your organization?
  [Unknown]: ORG_NAME
What is the name of your City or Locality?
  [Unknown]: CITY
What is the name of your State or Province?
  [Unknown]: STATE
What is the two-letter country code for this unit?
  [Unknown]: US
Is <CN=ORG_UNIT_NAME, OU=ORG_UNIT, O=ORG_NAME, L=CITY, ST=STATE, C=US> correct?
  [no]: yes

Enter the key password for <key-alias>
	<RETURN if same as keystore password>: <> // Press Return here and do not specify a password.

Now export the certificate to use it with Tomcat

$JAVA_HOME/bin/keytool -export -alias tomcat -file file.cer

Importing Certificate into Trust Store

If you already have an existing certificate available (for example from a CA like Verisign), please perform the following operation as root (or sudo)

$JAVA_HOME/bin/keytool -import -alias tomcat -file file.cer 

 

 

  • No labels