Release : 4.2

Component : Service Operations Insight (SOI) Manager

Follow the below step for " How to configure CA Business Intelligence Jaspersoft (CABI 7.1.1) for HTTP SSL":-

1. Create a folder for keystore on CABI. Example:

mkdir "C:\Program Files\CA\SharedComponents\CA Business Intelligence\keystore"

2. Generate the PrivateKey running this command

"C:\Program Files\CA\SharedComponents\CA Business Intelligence\jre\bin\keytool.exe" -genkey -noprompt -dname "CN=<value>, OU=<value>, O=<value>, L=<value>, S=<value>, C=<value>" -keystore "C:\Program Files\CA\SharedComponents\CA Business Intelligence\keystore\cabi.jks" -storepass changeit -keyalg RSA -keysize 2048 -keypass changeit -ext SAN=dns:<hostNameSetInCN> -validity 7300 -alias cabi

3. Export the CABI certificate which will be moved to SOI UI Server for import using the

"C:\Program Files\CA\SharedComponents\CA Business Intelligence\jre\bin\keytool.exe" -exportcert -keystore "C:\Program Files\CA\SharedComponents\CA Business Intelligence\keystore\cabi.jks" -storepass changeit -alias cabi -file "C:\Program Files\CA\SharedComponents\CA Business Intelligence\keystore\cabi.cer"

4. Make the required edits to enable HTTPS in the "C:\Program Files\CA\SharedComponents\CA Business Intelligence\apache-tomcat\conf\server.xml" file.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

                                    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

                                    clientAuth="false"

                                    ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA22_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_SHA384, TLS_DHE_RSA_WITH_AES_128_SHA256"

                                    sslProtocol="TLSv1.2"

                                    keystoreFile="C:/Program Files/CA/SharedComponents/CA Business Intelligence/keystore/ssa.jks"

                                    keystorePass="changeit" />

5. Restart CA Business Intelligence Tomcat services (cabusinessintelligencetomcat) on the CABI server

6. Move the CABI certificate exported in step 3 to the SOI UI Server host.

Recommendation is to place it in the "C:\Program Files (x86)\CA\SOI\jre-64\lib\security" dir.

7. Import the CABI certificate placed in "C:\Program Files (x86)\CA\SOI\jre-64\lib\security" using this command

"C:\Program Files (x86)\CA\SOI\jre-64\bin\keytool.exe" -importcert -alias cabi -keystore "C:\Program Files (x86)\CA\SOI\jre-64\lib\security\cacerts" -storepass changeit -file "C:\Program Files (x86)\CA\SOI\jre-64\lib\security\cabi.cer"

8. Restart SOI UI Server service.

Note: Assumption both CABI and SOI UI server are installed at default locations, if not adjust the commands accordingly to your needs. Default Install locations are as below:

• CABI - "C:\Program Files\CA\SharedComponents\CA Business Intelligence"
• SOI UI Server - "C:\Program Files (x86)\CA\SOI"