Introduction:
The Compass Web client is accessed through a web URL on an intranet or the internet, so it is important to protect your data from threats and risks. To secure the Compass Web client, it needs to be configured with an SSL (Secure Sockets Layer) connection. This documentation walks you through the steps for configuring the Compass Web client with SSL communications.

Environment:

HCL Compass version: 2.1.0
IBM HTTP Server (IHS) : 9.0.0.10
IBM WebSphere Application Server (WAS) version: 9.0.0.10

Important Notes:

  1. IBM HTTP Server (IHS) is the most popular web server, and IBM WebSphere Application Server (WAS) is the most popular application server, used for the Compass Web application. This documentation therefore covers configuring the SSL connection with IHS and WAS.
  2. In this documentation we create a self-signed certificate for configuring the SSL connection. If you have security certificates issued by a third-party certification authority, you need to import them.

When we install and configure the Compass Web client for the first time, the SSL connection is not configured or enabled by default. If we try to access the Compass Web URL on the HTTPS port, i.e. https://<hostname>/cqweb/ , it throws the following error:

 

We will now enable SSL connection on Compass Web with the following steps.

Step-1: Create a server certificate and key database file on the web server. The following screenshots show how to create them using the IBM HTTP Server Key Management utility (IKEYMAN for short), which is a graphical user interface:

Run Key Management Utility (iKeyMan) as administrator

Click on Key database file > New

Click on OK

It will prompt you to create a password, as shown in the screenshot below. Enter a password of your choice, confirm it, and click on OK.

Note: Make sure you remember / note this password for future reference

After you click on OK, it confirms that the action is completed, as highlighted in the screenshot below. The key database file is now created.

We will now create a personal certificate

Select Personal certificates from Key database content frame > click on New self-signed…

Enter a key label and click on OK. The common name is usually the hostname of the machine where the certificate is being created:

The screenshot below confirms that the personal certificate is created:

Note: If you have security certificates issued by a third-party certificate authority, refer to link no. 2 in the reference links at the end of this documentation to receive the certificate instead of creating a self-signed certificate.

Step-2: Enable SSL in the IHS config file httpd.conf. To do this, uncomment the necessary lines, from line no. 798 to line no. 806, under ibm_ssl_module. Once done, restart the IHS service for the changes to take effect.
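
A quick way to confirm the Step-2 edit before restarting IHS, as an added example that is not part of the original article or of IBM's tooling: the Python check below reports which SSL directives are still inactive in a piece of httpd.conf text. The sample stanza, its KeyFile path and the function names are constructed for illustration; the directive names are those of the IHS SSL module.

```python
import re

# Constructed sample of a commented-out SSL stanza of the kind Step-2 refers to.
# The KeyFile path is a placeholder; use the key database created in Step-1.
DEFAULT_STANZA = """\
#LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
#Listen 443
#<VirtualHost *:443>
#SSLEnable
#</VirtualHost>
#KeyFile "C:/path/to/key.kdb"
#SSLDisable
"""

def uncomment(stanza):
    """Apply the Step-2 edit: strip one leading '#' from each line."""
    return re.sub(r"^#", "", stanza, flags=re.M)

def check_ssl_config(conf_text):
    """Return the reasons this httpd.conf text would not serve HTTPS on 443."""
    module = listen = keyfile = vhost_ssl = in_vhost_443 = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a directive that is still commented out is inactive
        low = line.lower()  # directive names are case-insensitive
        if low.startswith("<virtualhost"):
            in_vhost_443 = bool(re.search(r":443\b", line))
        elif low.startswith("</virtualhost"):
            in_vhost_443 = False
        elif low.startswith("loadmodule") and "ibm_ssl_module" in low:
            module = True
        elif re.match(r"listen\s+(\S+:)?443\b", low):
            listen = True
        elif low == "sslenable" and in_vhost_443:
            vhost_ssl = True
        elif low.startswith("keyfile") and len(line.split(None, 1)) == 2:
            keyfile = True
    checks = {
        "ibm_ssl_module is not loaded": module,
        "no Listen directive for port 443": listen,
        "no <VirtualHost ...:443> containing SSLEnable": vhost_ssl,
        "no KeyFile pointing at a key database": keyfile,
    }
    return [problem for problem, ok in checks.items() if not ok]

if __name__ == "__main__":
    print("before:", check_ssl_config(DEFAULT_STANZA))
    print("after: ", check_ssl_config(uncomment(DEFAULT_STANZA)))
```

To check a real server, pass the contents of its httpd.conf to check_ssl_config; an empty list means all four directives are active.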

Step-3: Accessing Compass Web server on the server itself:

Access the CQWeb URL on the HTTPS port, i.e. https://<hostname>/cqweb/ , locally on the Compass Web server, and it should now allow you to log on to Compass Web.

The following screenshot shows Compass Web being accessed on the URL https://localhost/cqweb/:

Step-4: Accessing Compass Web URL outside server:

If you replace <hostname> with the actual hostname or IP address of the Compass Web server, the URL can be accessed from outside the Compass Web server as well.

Note: Since we have used a self-signed certificate and not one from a certification authority, the above screen complains about an invalid security certificate. A CA certificate should not throw this warning.

Reference links:

  1. Configuring secure connections
    https://help.hcltechsw.com/compass/2.1.0/com.hcl.compass.doc/webhelp/oxy_ex-1/com.ibm.rational.clearquest.webadmin.doc/topics/c_cqwsvr_secur_conn_config.html

  1. Securing with SSL Communications
    https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=environment-securing-ssl-communications
  2. Managing keys with the IKEYMAN graphical interface (Distributed systems)
    https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=environment-managing-keys-ikeyman-graphical-interface-distributed-systems
  3. Creating a self-signed certificate
    https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=systems-creating-self-signed-certificate
  4. Receiving a signed certificate from a certificate authority
    https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=systems-receiving-signed-certificate-from-certificate-authority
