This article describes how to configure iRise Connect for IBM Rational (v9.2 or higher) to connect with an TLS enabled Definition Center and IBM Rational Requirements Composer.

If the Definition Center and IBM RRC are using certificates from an external trusted certificate authority (Verisign, Thawte, etc.), iRise Connect for IBM Rational needs no further configuration changes to correct with both pieces of software.

If either the Definition Center or IBM RRC use a certificate from a non-trusted or internal certificate authority the following steps are necessary to to configure iRise Connect for IBM Rational to talk to that software

If you have access to the internal or non-trusted root and intermediate certificates used for either IBM RRC or the Definition Center, you can skip theExport Certificates sections

​Export Certificates from IBM RRC

If you are running IBM RRC with a certificate from a non-trusted or internal root authority, the certificate and intermediate certificates for that root authority will be contained in the cacerts and keystore files for IBM RRC. The following steps will guide you through exporting the certificates from the cacerts and keystore files.

1. login to the system where IBM RRC is installed and navigate to the following directory in a command prompt. Substitue your installation path for the bit in italics:

INSTALLATION_PATH\iBM\JazzTeamServer\server\jre\bin.

2. To discover the alias used in the cacerts file for your root authority type the following command at the prompt. You will be prompted for the password for the cacerts file:

keytool -list -keystore INSTALLATION_PATH \IBM\JazzTeamServer\server\jre\lib\security\cacerts -v 

3. Search through the output and note the name of the alias for the entry that represents your internal or non-trusted root authority. Type the following at the command prompt to export the certificate substitute the alias you discovered in the previous step. This command exports the certificate to a file named ibm_rrc_rootcert.cer in the current working directory. You will again be prompted for the password for the cacerts file:

keytool -export -alias ALIAS -keystore INSTALLATION_PATH\IBM\JazzTeamServer\server\jre\lib\security\cacerts -file ibm_rrc_rootcert.cer

4. Next export the certificate for the application from the application keystore by entering the following at the command prompt:

keytool -export -alias ibm-team -file PATH\ibm_rrc_intermediatecert.cer -keystore INSTALLATION_PATH\IBM\JazzTeamServer\server\tomcat\ibm-team-ssl.keystore

NOTE: By default IBM RRC's keystore is located at INSTALLATION_PATH\IBM\JazzTeamServer\server\tomcat\ibm-team-ssl.keystore. The alias is ibm-team. If any of these values have been changed, please modify the above command accordingly

​Export Certificates from iRise Definition Center

If you are running the Definition Center with a certificate from a non-trusted or internal root authority, the certificate and intermediate certificates for that root authority will be contained in the cacerts and keystore files for the Definition Center. The following steps will guide you through exporting the certificates from the cacerts and keystore files.

1. login to the system where the Definition Center is installed and navigate to the following directory in a command prompt. Substitue your installation path for the bit in italics:

INSTALLATION_PATH\iRise\DefCenter\jvm64\jre\bin

2. To discover the alias used in the cacerts file for your root authority type the following command at the prompt. You will be prompted for the password for the cacerts file:

keytool -list -keystore INSTALLATION_PATH \iRise\DefCenter\jvm64\jre\lib\security\cacerts -v 

3. Search through the output and note the name of the alias for the entry that represents your internal or non-trusted root authority. Type the following at the command prompt to export the certificate substitute the alias you discovered in the previous step. This command exports the certificate to a file named irise_dc_rootcert.cer in the current working directory. You will again be prompted for the password for the cacerts file:

keytool -export -alias ALIAS -keystore INSTALLATION_PATH\iRise\DefCenter\jvm64\jre\lib\security\cacerts -file irise_dc_rootcert.cer

4. Next export any intermediate certificates for the application from the application keystore by entering the following at the command prompt:

keytool -export -alias ALIAS -file PATH\irise_dc_intermediatecert.cer -keystore INSTALLATION_PATH\iRise\DefCenter\Tomcat\conf\keystore.jks

​Import Certificates into iRise Connect for IBM Rational

1. Stop the iRise Connect for IBM Rational service if it is running

Open a command prompt and navigate to the following directory:

INSTALLATION_PATH\iRiseConnectForIBMRational\jvm64\jre\bin

Import each unique certificate generated in the steps above to the cacerts file for iRise Connect for IBM Rational. Below is a sample command for importing one of these files. You will be prompted for the password for the cacerts file:

keytool -import -trustcacerts -file irise_ibmdoors_rootcert.cer -alias MY_COMPANY_ROOT -keystore INSTALLATION_PATH\iRiseConnect ForIBMRational\jvm64\jre\lib\security\cacerts

Please do not hesitate to contact iRise Customer Support if you have any difficulties with the steps above.

Did this answer your question?