Configuring RSA key exchange

RSA is a public key encryption algorithm that uses separate keys for encryption and decryption. You may want to use RSA key exchange if your organization stores sensitive information in Helix ALM products and administrators use the license server admin utility clients outside of your network and log in with a username and password.

If you use RSA key exchange, a public key fingerprint must be imported to all license server admin clients that connect to the license server.

1. Click Server Options.

The Server Options dialog box opens.

2. Select the Security category.

3. Select Encrypt communication between the license server and other applications and Use RSA key exchange.

You are prompted that all admin users will need to modify their server settings if RSA is enabled.

4. Click Yes.

A public key is generated on the license server. The Fingerprint field displays the public key fingerprint, which is a short version of the public key. Public and private keys are stored in the rsakeys directory in the Helix ALM License Server application directory on the server computer. To keep these key files secure, make sure only the user that runs the license server has read and modify access to them.

If you clear the Use RSA key exchange option, you are prompted that all admin users will need to modify their server settings. Click OK if you no longer want to use RSA. Make sure the public key fingerprint is removed from server connection settings in native server admin utility clients and in the License Server CGI Configuration utility for the web server admin utility client.

5. Click Download Public Key to save an XML file that contains the license server address, port number, and public key fingerprint.

This file must be distributed to users so they can import it to license server admin clients that connect to the server. Make sure the file is securely stored and only administrative users have access to modify it. If a hacker has unauthorized access to the file, changes it, and it is imported to clients, your license server installation could be hacked.

The server address in the XML file includes the default hostname of the license server computer. If users with license server admin permissions connect to the server from outside the local network, you must manually update the server address in the server settings file before providing it to users.

6. Click OK to save the changes.

7. Import the server settings file to license server admin clients or CGIs that connect to the server.

Native admin client—See Adding server connections.
Web admin clients—See Changing web server admin utility CGI settings.

If you suspect the private key on the license server was compromised because of unauthorized server access, regenerate the public and private key pair. Click Regenerate Key Pair and click OK when you are prompted to generate the new keys. If you regenerate the keys, you must download a new server settings file and update all license server admin utility clients that connect to the server.