How to Configure CABI Jaspersoft for HTTPS (SSL)
search cancel

How to Configure CABI Jaspersoft for HTTPS (SSL)

book

Article ID: 245704

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


How to Configure CABI Jaspersoft for HTTPS  (SSL)?

I'm unable to locate CATALINA_HOME%\conf\key.bin and would like to create a copy of the file before making changes.

Refer page 53 of TIBCO JasperReportsĀ® Server Security Guide

Environment

Release : 21.2, 22.2

Component : Jaspersoft for CA Spectrum

Resolution


CABI's tomcat can be configured for SSL just as you would configure OneClick's tomcat with a few extra steps

  • cd to CABI dir
        cd /opt/CA/SharedComponents/CABI

  • create a keystore folder
       mkdir keystore

  • cd into keystore and copy cacerts file
        cd keystore
        cp -p /opt/CA/SharedComponents/CABI/java/lib/security/cacerts ./

  • generate your self-signed certificate as you would on OneClick from 

    /opt/CA/SharedComponents/CABI/java/bin/keytool -genkey -alias cabissl -keyalg RSA -keysize 2048 -validity 730 -ext "SAN=IP:xxx.xxx.xxx.xxx,DNS:myserver.mydomain.com,DNS:myserver" -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit

    (Where SAN=IP:xxx.xxx.xxx.xxx is the IP address of this server -and- DNS:myserver.mydomain.com is the FQDN of the server)



  • generate a Certificate Signing Request (.csr)

    /opt/CA/SharedComponents/CABI/java/bin/keytool -certreq -alias cabissl -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -ext "SAN=IP:xxx.xxx.xxx.xxx,DNS:myserver.mydomain.com,DNS:myserver" -file cabissl.csr


  • have the cabissl.csr signed

  • make a backup copy of the cacerts file before importing the signed cert(s)
       cd /opt/CA/SharedComponents/CABI/keystore
       cp -p cacerts cacerts.preimport

  • import back into /opt/CA/SharedComponents/CABI/keystore/cacerts

       Import Root signed CA Cert (where <Root>.cer is the Root cert provided by your CA)

       /opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias Root -file <Root>.cer

       Import Intermediate signed CA Cert (where <Intermediate>.cer is the intermediate cert provided by your CA)

       /opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias Intermediate -file <Intermediate>.cer

       Import cabissl signed CA Cert 

       /opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias your_alias -file cabissl.cer



  • Configure apache-tomcat to use SSL

    Update: /opt/CA/SharedComponents/CABI/apache-tomcat/conf/server.xml

    <Connector port="8443" enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/CA/SharedComponents/CABI/keystore/cacerts" keystorePass="changeit"/>


    Note: You can copy the connector entry from OneClick tomcat's server.xml  and adjust the PORT and path to the KEYSTORE as needed



  • restart tomcat
       cd /opt/CA/SharedComponents/CABI/
       ./stopServers.sh tomcat
       ./startServers.sh tomcat

Additional Information

You will also need to import tomcatssl cert into the CABI keystore and cabissl cert into OneClick / SRM keystore

Powered by Wolken Software