Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

In order to run RMsis on SSL (over https), a certificate must be created and registered with RMsis. Please note that

  • This document assumes Tomcat, while installing the security certificate.
  • JKS is supported from RMsis 1.3.0 - r.29 onwards.
  • PKCS#11 and PKCS#12 are supported from RMsis 1.4.1 - r.43 onwards.

Installing Certificate for RMsis, when JIRA is running on HTTPS

If JIRA is running on HTTPS, a Public Security Certificate is expected to be installed and accessed by RMsis. Else the system will raise a security exception and communication between RMsis and JIRA will fail. Here is a brief description of the background and action which needs to be taken.
Background
RMsis comprises of two components:
  • A Plugin which integrates with JIRA.
  • RMsis Server, which runs independently on Tomcat and communicates with JIRA through the RMsis-JIRA Plugin.
  • Secure communication channel requires RMsis access to public security certificate before establishing communication channel between 2 applications.
Recommendation
In case of an exception, you will need to add security certificate of JIRA Server in java trust store which resides at <JRE_PATH>\lib\security\cacerts. Below is a small how-to for certificate installation.
  • Ensure that JIRA Server is running.
  • Unzip and extract InstallCert.class and InstallCert$SavingTrustManager.class to some location (from where java path is accessible). [Download ZIP]
  • Run InstallCert binary (attached in e-mail) using command line.
    • $ java InstallCert <JIRA_SERVER>:<JIRA_SERVER_PORT>
    • In case you are using the default port, JIRA_SERVER_PORT parameter is optional
    • Follow the subsequent instructions in the program
  • This will create new file with name jssecacert in current directory. Just copy this file to <JRE_PATH>\lib\security\cacerts.
  • Restart JIRA and try again with RMsis.

Generating a Self Signed Certificate

If you are using RMsis within a closed group or Intranet, you can use a self signed certificate.

Run keytool on commend line, which is available with JAVA 1.6, and enter the responses against the prompt (a sample is shown here)

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password: // Password for your java keystore, it is 'changeit' by default
What is your first and last name?
	RMSIS_SERVER // Enter fully qualified server name; for example jira-rmsis.optimizory.com
What is the name of your organizational unit?
  [Unknown]: ORG_UNIT_NAME
What is the name of your organization?
  [Unknown]: ORG_NAME
What is the name of your City or Locality?
  [Unknown]: CITY
What is the name of your State or Province?
  [Unknown]: STATE
What is the two-letter country code for this unit?
  [Unknown]: US
Is <CN=ORG_UNIT_NAME, OU=ORG_UNIT, O=ORG_NAME, L=CITY, ST=STATE, C=US> correct?
  [no]: yes

Enter the key password for <key-alias>
	<RETURN if same as keystore password>: <> // Press Return here and do not specify a password.

Now export the certificate to use it with Tomcat

$JAVA_HOME/bin/keytool -export -alias tomcat -file file.cer

 

Importing Certificate into Trust Store

If you already have an existing certificate available (for example from a CA like Verisign), please perform the following operation as root (or sudo)

$JAVA_HOME/bin/keytool -import -alias tomcat -file file.cer
References

 

 

  • No labels