How to enable HTTPS/SSL for Jarvis/CABI.

book

Article ID: 194151

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

How to enable HTTPS/SSL for Jarvis/CABI.

Environment

Release : 14.0

Component : JASPERSOFT REPORTS FOR PAM SERVER CONTROL

Resolution

To enable https with a self signed certificate:

1) Create directory C:\jasper-keystore and navigate to it in a command line.

The PIM ENTM is quite strict about the certificate used so you need to make sure that the hostname, fqdn or ip address used to connect to the Jasper server from the ENTM is included either in the answer to the "What is your first and last name?" prompt, or as a Subject Alternative Name.

While this is somewhat beyond the scope of this document, the easiest way is to include the fqdn, hostname and ip address in the certificate. 

Execute the following command on the command line where <fqdn> and <ipaddress> are replaced by the host name and ip address of the jasper server:

"C:\Program Files\CA\SC\CA Business Intelligence\java\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore jasper.keystore -ext san=dns:<fqdn>,ip:<ipaddress> -keystore jasper.keystore

When you are prompted with:

 "What is your first and last name?"

Enter the hostname of the jasper server. Do not enter your actual first and last name. This is for the hostname of the server.

Answer the rest of the prompts as appropriate to your site.

This will mean that the certificate will be valid for the hostname, fqdn, and ip address of the server.

This will create a keystore:

C:\jasper-keystore\jasper.keystore

2) Make a backup copy of C:\Program Files\CA\SC\CA Business Intelligence\apache-tomcat\conf\server.xml outside of C:\Program Files\CA\SC\CA Business Intelligence\apache-tomcat\conf and then edit it.

Find the line:

<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

And replace it with the below, replacing <password> with the password of jasper.keystore from step 1:

<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\jasper-keystore\jasper.keystore" keystorePass="<password>" />

Note for linux only: port="8443" must be the third attribute for the startServers.sh script to work on linux. Do not comment out <Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>, you need to delete this line. The jasper instance of tomcat can only be run on one port on linux without modifying the startServers.sh script.

Restart tomcat. Jasper should now be available on:

https://<server>:8443/jasperserver-pro

3) If you want to make tomcat ssl only, in server.xml find:

<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

And comment it out:

<!-- <Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/> -->

Restart tomcat.