Before publishing report to a CleverPath Portal using SSL it is necessary to perform some setup operations with digital certificates. The following sections detail the procedure on various platforms.
Implementing SSL with CleverPath Portal is discussed in a separate document. For details of this process please refer to our technical document TEC264785
If you have a trusted certificate from a Certificate Authority, the certificate would already be installed on your box and you can launch your CleverPath Reporter Builder and start publishing reports to Portal on SSL without further steps.
If you are using a self-signed certificate please follow the steps below to install the certificate and publish your reports to Portal on SSL.
Windows setup
Client:
To configure CPR Builder to publish reports/results to Portal on SSL, users need to first accept the certificate from the Portal server. To achieve this follow these steps:
- On the windows box where CPR Builder is installed, from the browser connect to the Portal Server box configured for SSL.
- In the "Security Alert" dialog click on "View Certificate" button.
- In the "Certificate" dialog, after verifying that it's a valid certificate click on "Install Certificate" button and follow through the wizard to import the certificate successfully onto your windows box. This will allow CPR Builder client to publish reports to the Portal server.
- When finished click on "Yes" button in the "Security Alert" dialog to accept the certificate.
Server:
CPR Server needs to accept the certificate from Portal server before it can publish scheduled reports. To achieve this follow these steps:
- Users will now need to export the certificate to a file. There are 2 ways this can be achieved.
- The certificate can be exported using the java keytool utility which is located in the JDK bin directory (JDK 1.4 or later). Make sure the bin directory is in the path. If your Portal is running on tomcat and you have a self-signed certificate, running the following command would export your certificate to a file.
<JAVA_HOME>\bin \keytool -export -alias tomcat -file [certificate_name].cer
NOTE: The [certificate_name] is chosen by you and can be anything.
After executing the command you will be prompted for the keystore password. The default password used by Tomcat is "changeit". The exported certificate will be produced in the output file called [certificate_name].cer.
- OR, repeat step 1 and 2 (above) for Windows->Client configuration
In the "Certificate" dialog after verifying that it's a valid certificate, click on the "Details" tab.
Click on the button "Copy to File" and follow through the wizard to export the certificate to a .cer file. You can specify where you want to store the .cer file and this file (along with the path) will be used in the next step to import the certificate.
- The next step is to import the certificate created previously into the cacerts file. CACERTS contains all the certificates that are trusted. Identify the JRE that your scheduler process uses and go to the \lib\security directory (usually C:\Program Files\CA\CleverPath Reporter\jre\lib\security folder). If you are uncertain of which JDK your scheduler is using, run a search for all the cacerts files local to your box, and repeat the following import for all these directories. In the lib\security folder resides the cacerts file. This file needs to be updated to include this new exported [certificate_name].cer certificate created in the previous step. From a command line session, change directory to the lib\security directory. And run the following command to import the certificate:
keytool -import -file [certificate_name].cer -keystore cacerts
When prompted for the password, enter as previously specified during the export. On Windows CPR installations, it is recommended that the CPR Portal Enabler and Scheduler services be stopped and restarted.
Unix setup
Server:
CPR Server needs to accept the certificate from Portal server before it can publish scheduled reports. To achieve this follow these steps:
- You need to first export the certificate to a file. For this you will need to use the keytool utility which is located in your JDK bin directory (JDK 1.4 or later). Make sure the bin directory is in your path. If your Portal is running on tomcat and you have a self-signed certificate, running the following command would export your certificate to a file.
<JAVA_HOME>/bin/keytool -export -alias tomcat -file [certificate_name].cer
NOTE: The [certificate_name] is chosen by you and can be anything.
After executing the command you will be prompted for the keystore password. The default password used by Tomcat is "changeit". The exported certificate will be produced in the output file called [certificate_name].cer.
- You will need to now import this certificate into your cacerts file. CACERTS contains all the certificates that are trusted. Identify the JRE that your scheduler process uses and go to the .../lib/security directory (usually in /opt/CA/cleverpathreporter/jre/lib/security folder). If you are uncertain of which JDK your scheduler is using, run a search for all the cacerts files local to your box, and repeat the following import for all these directories. In the lib/security folder resides the cacerts file. This file needs to be updated to include this new exported [certificate_name].cer certificate created in the previous step. From a command line session, change directory to the lib/security directory and run the following command to import the certificate:
keytool -import -file [certificate_name].cer -keystore cacerts
When prompted for the password, enter as previously specified during the export. It is recommended that the Scheduler service be stopped and started using proschd.down followed by proschd.up.
You should now be configured to allow publishing of reports to Portal using SSL.