You can replace the generated self-signed certificate used by Rhapsody by default with another certificate. This is particularly useful if your organization generates their own certificates and so has configured their own certificate authority (CA). If the computers running the Rhapsody IDE and web browsers for the Management Console already trust this certificate authority, then the certificate issued to the Rhapsody engine is trusted automatically.
Ensure you use SHA256 certificates when using TLSv1.2. SHA512 certificates are not universally supported.
Management Console
Refer to Using a User-defined Certificate for the HTTPS Mode for details on custom certificates for the Management Console.
Rhapsody IDE
By default, the IDE connector in the Rhapsody engine uses exactly the same SSL certificate as configured for the Management Console. However, if required it can be changed to use its own SSL certificate instead. The rhapsody.properties file contains a number of options that can be configured to customize the certificate used for the SSL connection.
Changes made to the rhapsody.properties file take effect after the Rhapsody engine is restarted.
| Property Name | Description | Default Value |
|---|---|---|
AdministrationManager.AdminPort |
The TCP port that the IDE connector listens on for connections from the Rhapsody IDE. | 3041 |
AdministrationManager.BroadcastPort |
The UDP port that the IDE connector listens to in order to broadcast its availability. | 4031 |
AdministrationManager.MaxAdminSockets |
The maximum number of administration connections from the Rhapsody IDE that may be opened at once. | 20 |
AdministrationManager.LoginTimeout |
The time in seconds that a newly connected Rhapsody IDE has to perform a login before the connection is dropped. | 30 |
AdministrationManager.keystore |
The name of the keystore file that contains the private key that should be used. This can be either an absolute path, or a path relative to the <Rhapsody>/Rhapsody directory. |
Management Console keystore. |
AdministrationManager.keystoretype |
The type of keystore that is being used. These are described in more detail in the documentation for the Java keytool application, but the main ones that are relevant here are JKS (the Java keystore type) and PKCS12 (a .pfx file). |
Management Console keystore type. |
AdministrationManager.password |
The password for the keystore containing the private key that should be used. | Management Console keystore password. |
AdministrationManager.keypassword |
The password for the key within the keystore that should be used. | Management Console keystore key password. |
A restart is required in order for Rhapsody to pick up changes in the rhapsody.properties file.
For example, to use a custom private key, place it in the <RhapsodyInstallDirectory>\Rhapsody directory, then add or replace the following lines in the rhapsody.properties file:
AdministrationManager.keystore=<Filename>.pfx AdministrationManager.password=<password> AdministrationManager.keypassword=<password> AdministrationManager.keystoretype=PKCS12
For PFX files, the store password and key password are the same, as they only contain a single private key. This is often not the case when using Java keystore files.
Instead of using the PFX file directory, you can import PFX files into a Java keystore using the Java keytool application. Refer to Key and Certificate Management Tool for details.
SOAP API
Refer to Framework Settings for details on custom certificates for the SOAP API.