Enabling server security

To enable server security, you must configure the IBM® Engineering Requirements Management DOORS® (DOORS) database server to use secure connections.

Before you begin

If these components are not installed, install them:
  • DOORS database server
  • DOORS interoperation server
  • ActiveMQ message broker
    Note: You can use the ActiveMQ message broker that is provided with IBM Engineering Requirements Management DOORS - Web Access (DWA) by running the installer. However, you are not required to configure DWA or run the DWA server to use the broker for server security. You can expect server security to use significantly fewer interoperation servers than DWA. Starting two DOORS interoperation servers for server security is sufficient for most system loads, but more might be required as the number of users increases.

Verify that your certificates are valid and not expired. You can use a sample set of certificates to validate your configuration, but do not use them for production.

The DOORS clients, interoperation server, and database server must use the correct server host name. For example, when you use the sample certificates, the server host name must be specified as IBMEDSERV and the clients must connect to the server by using that host name.

Note: You do not need to use the sample certificates that are provided with DOORS. However, if you use another certificate, you must use the -keyDB and -certName parameters for the client, interoperation server, and database server.
Important: You can only connect whitelisted interoperation servers to the database server. You must create a whitelist.dat file at the same level as the v6data directory (that is, at the top of the DOORS data directory). If the DOORS database server is started with the -secureInteropByIP switch, the whitelist.dat file must contain the host name or IP address of the computers that run the interoperation servers. If the DOORS database server is started without the -secureInteropByIP switch, the whitelist.dat file must contain the SHA256 fingerprint of the certificates on the computers that run the interoperation servers.
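
The following added example is not IBM code and is not part of the product. It checks that the entries in a whitelist.dat file match the mode the database server is started in (host names or IP addresses with -secureInteropByIP, SHA256 fingerprints without it) and computes a SHA-256 fingerprint from a PEM certificate. Assumptions: one entry per line, fingerprints written as 64 hexadecimal digits with optional colons, and a fingerprint taken over the DER bytes of the certificate; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import ipaddress
import re

# Assumed fingerprint notation: 32 bytes as hex, colons optional.
FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{2}(:?[0-9A-Fa-f]{2}){31}$")
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)" + LABEL + r"(\." + LABEL + r")*$")

# Constructed sample: two host-style entries and one fingerprint-style entry.
SAMPLE_WHITELIST = "interop01.example.test\n192.0.2.15\n" + "AB" * 32 + "\n"


def pem_sha256_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first PEM certificate, as uppercase hex."""
    match = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                      pem_text, re.S)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest().upper()


def classify(entry):
    """Return 'fingerprint', 'ip', 'hostname' or 'invalid' for one entry."""
    if FINGERPRINT_RE.match(entry):
        return "fingerprint"
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    return "hostname" if HOSTNAME_RE.match(entry) else "invalid"


def lint_whitelist(text, secure_interop_by_ip):
    """Return (line_number, entry, problem) for entries that do not fit the mode."""
    allowed = {"hostname", "ip"} if secure_interop_by_ip else {"fingerprint"}
    expected = "/".join(sorted(allowed))
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are ignored
        kind = classify(entry)
        if kind not in allowed:
            problems.append((number, entry, f"{kind} entry, expected {expected}"))
    return problems
```

Call lint_whitelist with secure_interop_by_ip set to match how doorsd is started; an empty result means every entry has the form that mode expects.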

About this task

Follow this procedure to enable server security for the platform where your server is installed. When you start the DOORS database server and use the -serverSecurityEnable switch, the option is persistent, so the server security is enabled when you restart. On subsequent restarts, you can omit that switch.

Procedure

What to do next

When the DOORS database server is installed, it does not have a password, so anyone can manage the server. To control who manages your database server, you can set a password with the database server administration tool. For more information, see Setting the database server password.

When you enable server security, the default authentication method is to enter your user name and password. You can change the authentication method by using a dbadmin command-line switch, -sssAuthenticationMode. When you change the authentication method, you do not need to restart the DOORS database server. For more information, see Changing the authentication method.

If you want to disable server security, use the -serverSecurityDisable and -secure switches.

For example, enter doorsd.exe -debug -serverdata "C:\example\data" -portnumber 36700 -serverSecurityDisable.

