Enabling SSL Encryption with GSKit

Overview of SSL encryption and use of a key database to store your digital security certificates.

To ensure that communication between Rational® ClearQuest® and the LDAP directory server is private and secure, you might want to enable Secure Sockets Layer (SSL). SSL is a protocol that encrypts data sent between clients and servers, such as Web browsers and Web servers or LDAP clients and LDAP servers. Use SSL to prevent identity thieves from obtaining user IDs and passwords that are sent between Rational ClearQuest and the LDAP directory server.

To ensure secure communications, SSL uses digital certificates. You must store the certificate of the trusted Certificate Authority that issued your LDAP server's certificates in a key database. The Rational ClearQuest installation procedure installs a utility, Global Security Kit (GSKit iKeyman), that you use to create a key database and to create and import certificates.

Attention: An LDAP server that is used to perform SSL authentication must be RFC 5746 compliant. RFC 5746 corrects several security issues related to Transport Layer Security (TLS) renegotiation. An example of a compliant LDAP server is the Tivoli® Directory Server Version 6.3. Use of noncompliant LDAP servers might prevent the creation of SSL connections and thus the ability to log on to Rational ClearQuest. See technote 1469388 for details.

In your role as administrator, perform the following tasks to enable SSL encryption for your project team: