Question & Answer
Question
How do you create your own certificate for server side security in IBM Rational DOORS?
Answer
Simplest way to enable a 'secure' connection, using the default certificate:
1. Use the default certificates.
2. Add a rule to the 'hosts' file to map 'IBMEDSERV' to the server's IP address (if the client will run on a different machine, the 'hosts' file of both client and server should be updated for this).
3. Run doorsd with the '-secure ON' flag (make sure server side security is disabled with '-serverSecurityDisable'):
doorsd.exe -debug -s "C:\data\official_9.5" -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityDisable
4. Run the DOORS client:
doors.exe -data 36700@IBMEDSERV
The client should run without any problems. Once this is tested and verified, repeat the test above with custom certificates. Note: if, for example, the certificates are generated with a different name than IBMEDSERV, the server and client should be started with that name.
Once 'secure' mode is configured and tested, test server side security.
Enable server side security:
1. Start a broker from the DWA installation.
2. Restart 'doorsd' with server side security enabled:
doorsd.exe -debug -s "C:\data\official_9.5" -p 36700 -serverhostname IBMEDSERV -secure ON -serverSecurityEnable
3. Run an interop server:
doors.exe -interop -data 36700@IBMEDSERV
4. Run a client:
doors.exe -data 36700@IBMEDSERV
NOTE: In the examples above, all of the components are running on the same machine. For this reason, arguments for the broker host/port are not needed.
Creating your own certificate using GSKit 7 or 8:
1. Create the key database for the server. Here are the commands:
Version 7:
gsk7capicmd -keydb -create -db <filename>.kdb -pw <password> -stash
Version 8:
gsk8capicmd -keydb -create -populate -db <filename>.kdb -pw <password> -stash
2. Create a self-signed certificate:
gsk8capicmd -cert -create -db server.kdb -stashed -dn "CN=myserver,OU=mynetwork,O=mycompany,C=mycountry" -expire 7300 -label "My self-signed certificate" -default_cert yes
3. Create a key database for the client machine.
Installing the certificate on client systems
1. Extract the public part to a file using the following command:
gsk8capicmd -cert -extract -db server.kdb -stashed -label "My self-signed certificate" -format ascii -target mycert.arm
2. Distribute mycert.arm to the clients.
3. Add the new certificate to the clients' key database as follows:
gsk8capicmd -cert -add -db client.kdb -stashed -label "Server self-signed certificate" -file mycert.arm -format ascii -trust enable
NOTE: These certificates can be stored at the default location for DOORS; otherwise you will have to specify the location of the certificate when you start the DOORS server.
When you have your own self-signed certificate, you have to give the name of the certificate with the following command-line switch when starting the server:
-certName "CUSTOMSV1".
Example Command:
doorsd.exe -debug -s "C:\Program Files\IBM\Rational\DOORS\9.5\data_se5000" -p 37779 -keyDB "C:\Program Files\IBM\Rational\DOORS\9.5\certdb\server_authentication.kdb" -serverhostname bropc440 -certName "CUSTOMSV1" -secure ON -serverSecurityDisable
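A pre-flight check for the server and client launch commands shown above, as an added example that is not IBM's code: it catches a switch fused to the preceding value (so '-secure ON' never takes effect) and a client '-data port@host' that does not match the server's '-p' and '-serverhostname'. The names parse and check_pair are hypothetical, the flag table contains only switches that appear on this page, and comparing flag names case-insensitively is an assumption of the example.

```python
import re

# A token is a run of non-space characters; a quoted segment may contain spaces.
TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

# Switches as they appear in the commands on this page; True = takes a value.
SERVER_FLAGS = {"-debug": False, "-s": True, "-p": True, "-keydb": True,
                "-serverhostname": True, "-certname": True, "-secure": True,
                "-serversecuritydisable": False, "-serversecurityenable": False}
CLIENT_FLAGS = {"-data": True, "-interop": False}

def parse(cmd, flags):
    """Split one command line into (options, problems)."""
    opts, problems = {}, []
    it = iter(TOKEN.findall(cmd)[1:])      # [1:] drops the executable name
    for tok in it:
        key = tok.lower()                  # assumption: names compared case-insensitively
        if key not in flags:
            problems.append(f"unexpected token {tok!r} (fused or misspelt flag?)")
        elif not flags[key]:
            opts[key] = True
        else:
            value = next(it, "")
            if not value or '"' in value.strip('"'):
                problems.append(f"{tok} has a missing or fused value {value!r}")
            opts[key] = value.strip('"')
    return opts, problems

def check_pair(server_cmd, client_cmd):
    """Return a list of problems for a doorsd / doors command-line pair."""
    srv, problems = parse(server_cmd, SERVER_FLAGS)
    cli, cli_problems = parse(client_cmd, CLIENT_FLAGS)
    problems += cli_problems
    if srv.get("-secure", "").upper() != "ON":
        problems.append(f"-secure is {srv.get('-secure')!r}, expected ON")
    if "-serversecuritydisable" in srv and "-serversecurityenable" in srv:
        problems.append("both -serverSecurityDisable and -serverSecurityEnable given")
    port, _, host = cli.get("-data", "").partition("@")
    if port != srv.get("-p"):
        problems.append(f"client port {port!r} != server -p {srv.get('-p')!r}")
    if host.lower() != srv.get("-serverhostname", "").lower():
        problems.append(f"client host {host!r} != server -serverhostname")
    return problems

# Constructed sample: a fused '-secure' value and a mistyped client host name.
if __name__ == "__main__":
    server = r'doorsd.exe -s "C:\data\official_9.5" -p 36700 -serverhostname IBMEDSERV -secure ON-serverSecurityEnable'
    client = 'doors.exe -data 36700@IBEDSERV'
    print("\n".join(check_pair(server, client)))
```

An empty list means the pair is consistent; the check does not verify that the host name resolves or that the certificate was issued for it.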
[Figure: workflow diagram for server side security]
All source code and/or binaries attached to this document are referred to here as "the Program". IBM is not providing program services of any kind for the Program. IBM is providing the Program on an "AS IS" basis without warranty of any kind. IBM WILL NOT BE LIABLE FOR ANY ACTUAL, DIRECT, SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), EVEN IF IBM, OR ITS RESELLER, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Document Information
Modified date: 01 May 2020
UID: swg21985806