Configuring RSA key exchange

RSA is a public key encryption algorithm that uses separate keys for encryption and decryption. You may want to use RSA key exchange if your organization stores sensitive information in Helix ALM and users log in using a username and password from client applications outside of your network.

If you use RSA key exchange, a public key fingerprint must be imported to all client applications that connect to the Helix ALM Server.

1. Click Server Options. You can also choose View > Server Options.

The Options dialog box opens.

2. Select the Security category.

3. Select Encrypt communication between clients and the server and Use RSA key exchange.

A public key is generated on the Helix ALM Server. The Fingerprint field displays the public key fingerprint, which is a short version of the public key. Public and private keys are stored in the rsakeys directory in the Helix ALM application directory on the server computer. To keep these key files secure, make sure only the user that runs the Helix ALM Server has read and modify access to them.

Note: If you clear the Use RSA key exchange option, you are prompted that all users will need to modify their server settings. Click OK if you no longer want to use RSA. Make sure the public key fingerprint is removed from server connection settings in desktop clients and server settings in the Helix ALM Registry Utility for web clients.

4. Click Download Public Key to save an XML file that contains the Helix ALM Server address, port number, and public key fingerprint.

This file must be distributed to users so they can import it to clients that connect to the server. Make sure the file is securely stored and only administrative users have access to modify it. If a hacker has unauthorized access to the file, changes it, and it is imported to clients, your installation could be hacked.

Note: The server address in the XML file includes the default hostname of the server computer. If users connect to the server from outside the local network, you must manually update the server address in the server settings file before providing it to users.

5. Click OK to save the changes.

6. Import the server settings file to Helix ALM clients or CGIs that connect to the server.

Helix ALM Client and add-ins—See the Helix ALM help.
Helix ALM Server Admin Utility—See Adding server connections.
Helix ALM web clients—See the Registry Utility help.

Tip: If you suspect the private key on the server was compromised because of unauthorized server access, regenerate the public and private key pair. Click Regenerate Key Pair and click OK when you are prompted to generate the new keys. If you regenerate the keys, you must download a new server settings file and update all client applications that connect to the server.