How to Configure CABI Jaspersoft for HTTPS (SSL)?
I'm unable to locate %CATALINA_HOME%\conf\key.bin and would like to create a copy of the file before making changes.
Refer to page 53 of the TIBCO JasperReports® Server Security Guide.
Release : 21.2, 22.2
Component : Jaspersoft for CA Spectrum
CABI's Tomcat can be configured for SSL just as you would configure OneClick's Tomcat, with a few extra steps:
- cd to CABI dir
cd /opt/CA/SharedComponents/CABI
- create a keystore folder
mkdir keystore
- cd into keystore and copy cacerts file
cd keystore
cp -p /opt/CA/SharedComponents/CABI/java/lib/security/cacerts ./
- generate your self-signed certificate as you would on OneClick from
/opt/CA/SharedComponents/CABI/java/bin/keytool -genkey -alias cabissl -keyalg RSA -keysize 2048 -validity 730 -ext "SAN=IP:xxx.xxx.xxx.xxx,DNS:myserver.mydomain.com" -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit
(Where SAN=IP:xxx.xxx.xxx.xxx is the IP address of this server and DNS:myserver.mydomain.com is the FQDN of the server)
- generate a Certificate Signing Request (.csr)
/opt/CA/SharedComponents/CABI/java/bin/keytool -certreq -alias cabissl -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -file cabissl.csr
- have the cabissl.csr signed
- make a backup copy of the cacerts file before importing the signed cert(s)
- import back into /opt/CA/SharedComponents/CABI/keystore/cacerts
Import Root signed CA Cert (where <Root>.cer is the Root cert provided by your CA)
/opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias Root -file <Root>.cer
Import Intermediate signed CA Cert (where <Intermediate>.cer is the intermediate cert provided by your CA)
/opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias Intermediate -file <Intermediate>.cer
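Import cabissl signed CA Cert (your_alias must be the alias the key pair was generated under, cabissl above, so that keytool attaches the signed certificate to the existing private key instead of storing it as a separate trusted certificate)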
/opt/CA/SharedComponents/CABI/java/bin/keytool -importcert -keystore /opt/CA/SharedComponents/CABI/keystore/cacerts -storepass changeit -alias your_alias -file cabissl.cer
- Configure apache-tomcat to use SSL
Note: You can copy the connector entry from OneClick tomcat's server.xml and adjust the PORT and path to the KEYSTORE as needed
Update: /opt/CA/SharedComponents/CABI/apache-tomcat/conf/server.xml
<Connector
port="8443"
enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true"
acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"
ciphers="TLS_AES_128_GCM_SHA256,
TLS_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
keystoreFile="/opt/CA/SharedComponents/CABI/keystore/cacerts"
keystorePass="changeit">
</Connector>
- restart tomcat
cd /opt/CA/SharedComponents/CABI/
./stopServers.sh tomcat
./startServers.sh tomcat
You will also need to import tomcatssl cert into the CABI keystore and cabissl cert into OneClick / SRM keystore
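
A check for the import step above, as an added example that is not part of the original article: the function reads `keytool -list -v` output and confirms that the key alias (cabissl) is a PrivateKeyEntry whose chain holds more than one certificate, which is what Tomcat needs in order to serve the CA-signed certificate. The function name `check_key_entry`, the abridged sample listings and the CA names in them are constructed for illustration.

```shell
# Added example, not vendor code. On a live system feed it real output:
#   keytool -list -v -keystore <keystore> -storepass <pass> | check_key_entry cabissl

# Reads `keytool -list -v` text on stdin; returns 0 only when alias $1 is a
# PrivateKeyEntry whose chain holds more than one certificate.
check_key_entry() {
    awk -v want="$1" '
        /^Alias name: /               { cur = tolower(substr($0, 13)) }
        cur != tolower(want)          { next }
        /^Entry type: /               { found = 1; etype = $3 }
        /^Certificate chain length: / { chain = $4 + 0 }
        END {
            if (!found) { print "FAIL: alias " want " not in keystore"; exit 1 }
            if (etype != "PrivateKeyEntry") { print "FAIL: " want " is a " etype; exit 1 }
            if (chain < 2) { print "FAIL: " want " chain length " chain ", CA reply not attached"; exit 1 }
            print "OK: " want " private key with chain length " chain
        }'
}

# Constructed sample: signed reply imported under the key alias (cabissl).
sample_reply_on_key_alias() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: cabissl
Entry type: PrivateKeyEntry
Certificate chain length: 3
Issuer: CN=Example Intermediate CA
EOF
}

# Constructed sample: signed cert imported under a different alias, so the
# key entry still carries only its self-signed certificate.
sample_reply_on_other_alias() {
cat <<'EOF'
Alias name: cabissl
Entry type: PrivateKeyEntry
Certificate chain length: 1
Issuer: CN=myserver.mydomain.com
Alias name: your_alias
Entry type: trustedCertEntry
Issuer: CN=Example Intermediate CA
EOF
}

sample_reply_on_key_alias   | check_key_entry cabissl
sample_reply_on_other_alias | check_key_entry cabissl || true
```
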