If you have registered Secure Socket Layer (SSL) certificates, your site's users can use SSL when they set up an SCM integration server.

Register SSL Certificates

If you use certificates that are generated in-house, self-signed, or signed by a non-established Certificate Authority, they must be registered with each client system that will connect to the TeamForge server. Registration consists of importing custom certificates into the Java runtime’s global keystore on each server.

  1. Collect the server certificates from all servers. On RHEL, CentOS and other Red Hat-based distributions, these are contained in /etc/httpd/conf/ssl.crt/server.crt.

  2. Locate the Java keystore.

    This is PATH_TO_JAVA/jre/lib/security/cacerts. For example, this may be /usr/local/j2sdk1.4.2_10/jre/lib/security/cacerts.

  3. Locate the Java keytool utility.

    This is PATH_TO_JAVA/bin/keytool. For example, /usr/local/j2sdk1.4.2_10/bin/keytool.

  4. Import each server certificate into the keystore.

    PATH_TO_JAVA/bin/keytool -import -keystore PATH_TO_JAVA/jre/lib/security/cacerts -file <server>.crt -alias <server>
    
  5. At the password prompt, use changeit. Confirm that you trust the certificate by typing yes.
  6. Verify that all your certificates are added.
    PATH_TO_JAVA/bin/keytool -list -keystore PATH_TO_JAVA/jre/lib/security/cacerts |less
    
  7. If you are running more than one separate server, repeat these steps for each server.
  8. Restart TeamForge.

From now on, you can select the Use SSL check box, if required, when creating an SCM integration.

Encrypt Database Network Traffic (On Sites with Remote Database Servers)

To prevent your data from being exposed in a readable format on the network, use the Secure Socket Layer (SSL) to encrypt the network traffic between the Application and the Database servers.

If you have a dedicated database server (operational database or datamart), encrypt the data traffic between the application and database servers and between the ETL and datamart servers.

  1. Stop TeamForge.

    • If you are upgrading from TeamForge 16.7 or earlier releases:
      /etc/init.d/collabnet stop
      
    • If you are upgrading from TeamForge 16.10, 17.1, or 17.4 releases:
      /opt/collabnet/teamforge/bin/teamforge stop
      
    • If you are upgrading from TeamForge 17.8 or later releases:
      teamforge stop
      
  2. Add the following site option tokens to all the TeamForge servers.
    1. If the operational database is running on a separate server, include the token DATABASE_SSL=on.
    2. If the datamart is running on a separate server, include the token REPORTS_DATABASE_SSL=on.

  3. Provision services.
    teamforge provision
    
  4. Verify that your PostgreSQL database is running in the SSL mode.
    1. Log on to the Database Server and run the following command:
      grep "ssl = " /var/lib/pgsql/9.6/data/postgresql.conf
      

      Observe: "ssl = on"
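
The grep in step 4 also matches commented-out lines such as `#ssl = off`, so its output has to be read by eye. The following added example (not part of the TeamForge documentation; the function name `pg_effective_ssl` and the sample file are constructed for illustration) reports the effective setting by applying PostgreSQL's configuration-file rules: comments ignored, optional `=`, quoted values, and the last `ssl` entry winning.

```shell
#!/bin/sh
# Added example, not TeamForge code. Prints the effective value of "ssl"
# in a postgresql.conf: "on", "off", or "unrecognized:<value>".
pg_effective_ssl() {
    awk -v q="'" '
        BEGIN { result = "off" }               # PostgreSQL default when unset
        {
            line = $0
            sub(/#.*/, "", line)               # "#" starts a comment
            gsub(/^[ \t]+|[ \t]+$/, "", line)  # trim surrounding whitespace
            if (match(line, /^[A-Za-z_][A-Za-z0-9_.]*/) == 0) next
            name = tolower(substr(line, 1, RLENGTH))
            if (name != "ssl") next            # skips ssl_cert_file, ssl_ciphers, ...
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)    # the "=" is optional
            gsub(q, "", val)                   # values may be single-quoted
            val = tolower(val)
            if (val ~ /^(on|true|yes|1)$/) result = "on"
            else if (val ~ /^(off|false|no|0)$/) result = "off"
            else result = "unrecognized:" val
            # no "exit": a later "ssl" line overrides an earlier one
        }
        END { print result }
    ' "$1"
}

# Constructed sample: a commented-out default followed by the real setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssl = off                      # commented-out default, matched by plain grep
ssl_cert_file = 'server.crt'
SSL = 'on'                      # enabled for the remote database
EOF
echo "effective ssl: $(pg_effective_ssl "$sample")"
rm -f "$sample"
```

The file shows what is configured, not what the running server has loaded; `SHOW ssl;` in psql reports the live value.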
