Using a custom trust store

You can use a custom trust store in the Jenkins build step of a Rational® Test Automation Server Jenkins plugin to establish a trusted and secure connection between the Jenkins server and Rational® Test Automation Server.

Before you begin

You must have configured the certificate that is used by Rational® Test Automation Server as a trusted CA, and then installed Rational® Test Automation Server. See Installation of the server software.

About this task

If the SSL certificate assigned to Rational® Test Automation Server is signed by an internal Certificate Authority (CA), then you must download and import the CA certificate to a custom trust store. You can then use the custom trust store in the Jenkins plugin build step to establish a trusted and secure connection between the Jenkins server and Rational® Test Automation Server.

Note: If the internal CA certificate is already imported to the default trust store that is used by the Jenkins server, you need not use a custom trust store.
Restriction:

When you use Red Hat Enterprise Linux (RHEL) operating systems for Jenkins, you must run the Jenkins service with a user who has access to the custom trust store path to utilize the custom trust store feature. To change the Jenkins user, you must open the /etc/sysconfig/jenkins file and set the JENKINS_USER to the user who has access to the custom trust store path.

Set JENKINS_USER in that file to another user who has access to the path of the custom trust store:
JENKINS_USER="<username>"

For example, JENKINS_USER="user1"

Note: You must ensure that the user account is available in the /etc/passwd file.

You can then run the following commands to change the ownership of the Jenkins folder:

chown -R username:username /var/lib/jenkins
chown -R username:username /var/cache/jenkins
chown -R username:username /var/log/jenkins

For example,

chown -R user1:user1 /var/lib/jenkins
chown -R user1:user1 /var/cache/jenkins
chown -R user1:user1 /var/log/jenkins

After the change of ownership is complete, run the following command to restart the Jenkins server:
/etc/init.d/jenkins restart

Procedure

  1. Locate the default trust store file (cacerts file) in the JRE directory on your computer, and then copy the file to a location of your choice.
  2. Run the following command from the command prompt or terminal to import the CA certificate to your custom trust store:
    keytool -import -trustcacerts -file <path to the downloaded CA certificate with the file extension> -alias <custom label for the certificate> -keystore <path to the trust store>

    For example,

    keytool -import -trustcacerts -file "C:\Users\ca file.crt" -alias alias1 -keystore D:\cert\cacerts

    Note: The default password of the trust store is changeit. It remains the same for the custom trust store. If you want to change the password, you can run the following command, and then enter the new password:
    keytool -storepasswd -keystore <path to the trust store>

    For example, keytool -storepasswd -keystore D:\cert\cacerts
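
The two procedure steps as one script, given here as an added example that is not part of the product documentation: it checks the CA certificate's SHA-256 fingerprint against a value obtained out of band before importing, then confirms that the alias is present in the custom trust store. The function names, the STOREPASS environment variable and the paths passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumed names: cert_sha256, import_ca, STOREPASS, and every path argument.

# Print the SHA-256 fingerprint of a certificate file as keytool reports it.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# import_ca <default cacerts> <CA cert> <alias> <custom store> <expected SHA-256>
import_ca() {
    src=$1; ca=$2; label=$3; store=$4; expected=$5
    [ -n "$STOREPASS" ] || { echo "set STOREPASS to the trust store password" >&2; return 1; }

    # Refuse to trust a CA whose fingerprint differs from the out-of-band value.
    actual=$(cert_sha256 "$ca")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $ca" >&2
        return 1
    fi

    # Never overwrite an existing custom trust store.
    [ ! -e "$store" ] || { echo "$store already exists" >&2; return 1; }

    # Step 1: work on a copy so the default cacerts file of the JRE stays untouched.
    cp "$src" "$store" || return 1

    # Step 2: import the CA. -storepass:env reads the password from the
    # environment, which keeps it out of the process list.
    keytool -importcert -noprompt -trustcacerts -file "$ca" -alias "$label" \
        -keystore "$store" -storepass:env STOREPASS || return 1

    # Confirm the alias is present before the store is used in a build step.
    keytool -list -alias "$label" -keystore "$store" -storepass:env STOREPASS >/dev/null
}

# Runs only when the script is called with all five arguments.
if [ "$#" -eq 5 ]; then
    import_ca "$@"
fi
```

Run the script as the user that runs the Jenkins service, so that the resulting trust store is readable by that account.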

Results

You have successfully imported the downloaded CA certificate to the custom trust store.

What to do next

You can add the Rational® Test Automation Server tests to the Jenkins build step, and then run the tests from the Jenkins server.