Wednesday, October 24, 2018

Creating a self-signed certificate

For the Jazz Liberty setup, these steps seem to work to generate a certificate valid for two years:
  • Shut down Liberty
  • Open a command prompt and navigate to C:\IBM\JazzTeamServer\server\jre\bin
  • Rename ibm-team-ssl.keystore to ibm-team-ssl.keystore.old:
    > move ..\..\liberty\servers\clm\resources\security\ibm-team-ssl.keystore ..\..\liberty\servers\clm\resources\security\ibm-team-ssl.keystore.old
  • Generate the new key pair and self-signed certificate:
    > keytool -genkey -keyalg RSA -alias selfsigned -keystore ..\..\liberty\servers\clm\resources\security\ibm-team-ssl.keystore -storepass ibm-team -validity 730 -keysize 2048 -dname CN=ibmjazz,OU=clm,O=ibm,C=us -ext san=dns:ibmjazz
  • Restart Liberty
  • In Firefox, try to open your Jazz server, e.g. task management. You will get a certificate error (because of the new certificate), which you should accept.
  • Check the certificate using Tools->Page Info->Security->View Certificate, and confirm that the expiry is now two years out and the hostname is now ibmjazz.

NOTE: the default keystore password is ibm-team. If you use a different password, you will also have to edit server.xml and put the new password in.
NOTE: in the above instructions, do the move only once. The second time, delete ibm-team-ssl.keystore instead; otherwise you lose the original file.
NOTE: the above instructions also set the hostname in the certificate to ibmjazz, as needed by some clients so that the certificate hostname corresponds to the SSL URL hostname https://ibmjazz.