Configuring SSL

It has been observed that Tomcat version 7.0.50 has issues enabling SSL.
Enabling SSL ensures that the CA Business Intelligence JasperReports Server portal is accessed over HTTPS. SSL is not enabled by default during installation. All URLs defined in the Windows shortcut menus must be updated to use HTTPS.
 
 
To import an authorized certificate and configure the SSL:
 
Prerequisite to import an authorized certificate and configure the SSL:
 
  1. As a prerequisite, copy the certificate provided to a folder that you create. For example, C:\certificate is the folder that contains the .crt and .key files.
 
Follow the steps to import an authorized certificate and configure the SSL: 
 
  1. Copy the certificate provided to a folder that you create. For example, C:\certificate is the folder that contains the .crt and .key files.
  2. Generate the keystore using the .crt file mentioned in Step 1. Run the command from the tomcat\bin folder. The keytool command is as follows:
    keytool -import -alias <cabi> -keystore C:\keystore\key -trustcacerts -file C:\certificate\cert.crt
    The keystore file, key, is generated in the keystore folder.
  3. OpenSSL must be installed on the system to execute the command. Run the following command from the openssl folder to generate the .p12 file:
    openssl pkcs12 -export -name cabi -in C:\certificate\cert.crt -inkey C:\certificate\cert.key -out C:\certificate\cert1.p12
    Provide the correct paths according to your folder locations.
  4. Run the following command from the tomcat\bin folder to import the .p12 file generated in Step 3 into the keystore:
    keytool -importkeystore -destkeystore C:\keystore\key -srckeystore C:\certificate\cert1.p12 -srcstoretype pkcs12 -alias cabi
  5. Add the following connector entries to the C:\Program Files\CA\SharedComponents\CA Business Intelligence\apache-tomcat\conf\server.xml file, or to the server.xml file in the Jasper Tomcat location on your machine:
    <Connector port="8443" enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true" protocol="org.apache.coyote.http11.Http11NioProtocol"
    acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
    keystoreFile="C:/PROGRA~1/CA/SharedComponents/CABUSI~1/apache-tomcat/conf/keystore/key"
    keystorePass="password_created_above" >
    </Connector>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  6. Replace the keystoreFile and keystorePass values with the corresponding values used in the previous steps.
  7. Restart the 'CA Business Intelligence Tomcat' service (the Tomcat server) from services.msc.
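
The cipher list in the step 5 connector includes RC4, 3DES and MD5-based suites. The following Python check is an added example, not part of the CA documentation: it parses a server.xml, reports which entries of the ciphers attribute to drop on each SSL-enabled connector, and notes whether sslEnabledProtocols is set. The marker list, the function names and the minimal server.xml wrapper around the page's connectors are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Name fragments of suites generally treated as broken or deprecated:
# RC4, single and triple DES, MD5-based MACs, export-grade, NULL, anonymous.
# (Assumed marker list for this example; extend it to match your policy.)
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_MD5", "_EXPORT", "_NULL_", "_anon_")

# Constructed sample: the two connectors from step 5 inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
  ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
  keystoreFile="C:/PROGRA~1/CA/SharedComponents/CABUSI~1/apache-tomcat/conf/keystore/key"
  keystorePass="password_created_above"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return one finding dict per SSL-enabled <Connector> element."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to audit here
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        weak = [s for s in suites if any(m in s for m in WEAK_MARKERS)]
        findings.append({
            "port": conn.get("port"),
            "weak": weak,
            "remaining": [s for s in suites if s not in weak],
            # Without sslEnabledProtocols the JVM default protocol set applies.
            "protocols_pinned": conn.get("sslEnabledProtocols") is not None,
        })
    return findings


def trimmed_ciphers_attr(finding):
    """Value for the ciphers attribute with the flagged suites removed."""
    return ",".join(finding["remaining"])


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {f['port']}: drop {', '.join(f['weak']) or 'nothing'}")
        print(f'  ciphers="{trimmed_ciphers_attr(f)}"')
        if not f["protocols_pinned"]:
            print("  sslEnabledProtocols not set; protocol versions follow the JVM default")
```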
 
 
 
Follow these steps to configure SSL in the CA Business Intelligence 6.4.3 build:
 
  1. Install CA Business Intelligence 6.4.3 build.
  2. Open the command prompt, navigate to the Tomcat bin folder, and run the following command to generate the keystore used to enable SSL:
    Tomcat\bin>keytool -genkey -alias mkyong -keyalg RSA -keystore C:\keystore
    The command prompts you for a name, organization, password, and other entries. Remember the password and other details that you provide for later reference.
  3. A certificate named "keystore" is created, located in drive "C:\".
  4. You can use the same "keytool" command to list the existing details of the certificate. The command is:
    Tomcat\bin>keytool -list -keystore c:\keystore
  5. Open the Tomcat configuration file Tomcat\conf\server.xml and comment out the existing connector.
  6. Add the following connector element to support SSL or an HTTPS connection. Ensure that you replace the highlighted keywords (the port, keystoreFile, and keystorePass values) with actual values.
     
    Configuration for Tomcat 8
     
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:/keystore"
    keystorePass="password" />
     
    Configuration for Tomcat 7
     
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:/keystore"
    keystorePass="password" />
  7. Save and restart Tomcat.
  8. Access https://localhost:8443/jasperserver-pro/login.html (where localhost is the machine name).