This documentation supports the 9.0 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

Configuring the REST API

The primary reason for using Secure Sockets Layer (SSL) certificates is to keep sensitive information sent across the internet encrypted so that only the intended recipient can understand it. This security is important because the information you send on the internet is passed from computer to computer to get to the recipient. Any computer between you and the destination can utilize your user name, passwords, and other sensitive information if the information is not encrypted with an SSL certificate.

In addition to encryption, a proper SSL certificate also provides authentication. With authentication, you can be sure that you are sending information to the right recipient and not to an unknown user. You can ensure authentication by using an SSL certificate from a trusted SSL provider.

The keytool utility is used to obtain a digitally signed certificate to replace the self-signed certificate. This utility is available with Oracle JDKs. The Java keytool is a key and certificate management utility. It allows users to manage their own public or private key pairs and certificates. The Java keytool stores the keys and certificates, which is called as keystore. A keytool keystore contains the private key and any certificates necessary for authentication. The keytool is located in the jre7/bin directory of your Java installation file.

Note

For more information about configuring Jetty web server, watch the video on YouTube at  Configuring Jetty.

The following topics provide information and instructions for creating new keystores:

For information on troubleshooting Jetty startup issues, see BMC Knowledge Base article ID 000134172.

To configure REST API for HTTPS connection

  1. Import the existing signed primary certificate into an existing Java keystore:

    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

    If you do not have a certificate, create a new keystore by using a new password to secure the certificate:

    keytool -keystore keystore -alias jetty -genkey -keyalg RSA
    

    After the keystore has been created, you must provide six parameters that form a distinguished name for a certificate associated with the key.

    • CN—Common Name of the certificate owner (usually the name of the host)
    • OU—Organizational Unit of the certificate owner
    • O—Organization to which the certificate owner belongs
    • L—Locality name of the certificate owner
    • ST—State or province of the certificate owner
    • C—Country of the certificate owner

      Note

      The keystore file is created in the current directory of the command window.

  2. Obfuscate the SSL connector keystore password for greater security.
    For more information, see Obfuscating the password.
  3. Update the jetty-selector.xml file with the new password for the keystore.

    <Call name="addConnector">
         <Arg>
           <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
             <Arg>
               <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                 <Set name="keyStore">c:/temp/keystore</Set>
                 <Set name="keyStorePassword">OBF:1tv71vnw1yta1zt11zsp1ytc1vn61tvv</Set>
                 <Set name="keyManagerPassword">OBF:1tv71vnw1yta1zt11zsp1ytc1vn61tvv</Set>
                 <Set name="trustStore">c:/temp/keystore</Set>
                 <Set name="trustStorePassword">OBF:1tv71vnw1yta1zt11zsp1ytc1vn61tvv</Set>
               </New>
             </Arg>
             <Set name="port">8443</Set>
             <Set name="maxIdleTime">30000</Set>
           </New>
         </Arg>
    </Call>
  4. Restart the AR System server.

After you create a self-signed certificate, browsers and other programs issue warnings to users about an insecure certificate each time the user authenticates. You can prevent the certificate warning by adding the self-signed certificate to the Trusted Root Certification Authorities store. For more information, see Importing a certificate into the Trusted Root Certification Authorities store.

Obfuscating the password

The Jetty passwords are stored as clear text, obfuscated, check-summed, or in encrypted form. For the keystore/ key/ truststore passwords, you must obfuscate the passwords. The class org.eclipse.jetty.util.http.security.Password is used to generate all types of secure passwords. The following command is used to create a new password:

java -cp jetty-util-8.1.15.v20140411.jar org.eclipse.jetty.util.security.Password username password

To configure REST API for HTTP connection

  1. Locate the Jetty sub directory from the ARSystem installation directory.
  2. From the jetty-selector.xml file, comment the HTTPS connector mentioned in step 3 above and uncomment the following HTTP connector if you use a reverse proxy that handles HTTPS and change the default port to 8008 according to your need.

    <Call name="addConnector">                             
    	<Arg>                                              
    		<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
            	<Set name="host"><Property name="jetty.host"/></Set>   
    			<Set name="port"><Property name="jetty.port"default="8008" /></Set>
    			<Set name="maxIdleTime">300000</Set>                   
    			<Set name="Acceptors">2</Set>                          
    			<Set name="statsOn">false</Set>                        
    			<Set name="confidentialPort">8443</Set>                
    			<Set name="lowResourcesConnections">20000</Set>        
    			<Set name="lowResourcesMaxIdleTime">5000</Set>         
    			<Set name="forwarded">true</Set>       
    		</New>                 
    	</Arg>     
    </Call>
    
  3. Restart the AR System server.

Related topics

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Jim Coryat

    The YouTube video reference is private so I am unable to view it.  Is there one that is not marked as private?

    May 31, 2016 02:36
    1. Prachi Kalyani

      Hello Jim,

      We are sorry for the inconvenience. I have changed the permissions for the video. You will be able to view the video now.

      Thanks,

      Prachi

      May 31, 2016 11:40
  2. Renan Caldeira

    Hello,

    Does Remedy REST API have an option to set the language for results (localization)?

    Jan 18, 2017 06:52
    1. Poonam Morti

      Hi Renan,

      I will verify this with the SME and get back to you soon.

      Thanks,

      Poonam

      Jan 19, 2017 05:29
    1. Christopher Seieroe

      No, the REST API doesn't expose the "useLocale" option to perform localized searches.

      Jan 19, 2017 04:50