Secure Connections to CA Business Intelligence

You secure connections to
CA Business Intelligence
(CABI) by enabling authentication and by securing access to CABI over Hypertext Transfer Protocol Secure (HTTPS) when registering CABI as a data source in
NetOps Portal
.
Use the following process to secure connections to CABI:
Store the certificate and private key files, such as *.pem, *.cer, *.crt, *.key files, that are referenced in configuration files during this process in a secure location. If the certificate and private key files are temporary files that are not referenced in configuration files after this process is complete, move or delete them.
Verify the Prerequisites
Before enabling HTTPS for CABI, ensure that HTTPS is enabled for
NetOps Portal
and the data aggregator. If they are not, complete the following:
  1. Enable HTTPS for
    NetOps Portal
    .
  2. Enable HTTPS for the data aggregator.
    For more information, see Enable HTTPS for the Data Aggregator.
Enable HTTPS in CABI for HTTPS-Enabled
NetOps Portal
Import the Root/Intermediate certificates comprising the chain of trust for the
NetOps Portal
public certificate into the CABI truststore. This allows reporting to work in
NetOps Portal
.
For more information, see Set Up Certificates for NetOps Portal.
Follow these steps:
  1. On the CABI server, enter the following URL in a browser to open
    NetOps Portal
    :
    https://<
    NetOps_Portal_hostname
    >:8182
    A warning about an untrusted certificate appears in the browser.
    The browser prompts you to get the certificate.
  2. Save the certificate as
    capc_cert.cer
    in a local directory.
    The certificate that you saved is the
    NetOps Portal
    public certificate.
    If the
    NetOps Portal
    public certificate is not self-signed, import the root and intermediate certificates used for signing the
    NetOps Portal
    public certificate.
    Do the following:
    1. Click the certificate warning button near the URL.
    2. Click
      Details
      ,
      Copy to File
      .
    3. Select (DER encoded binary X.509 (.CER)).
  3. Open the command line by entering
    cmd
    .
  4. CD to the
    <
    CABI_installation_directory
    >/java/lib/security
    directory.
    This directory should contain the cacerts file. The cacerts file is the CABI truststore file.
    If the cacerts file is not in the security folder, search for the folder under the
    <
    CABI_INSTALL_FOLDER
    >
    directory.
  5. Issue the following command:
    <PATH_TO_JAVA
    >/bin/keytool -importcert -alias
    <alias>
    -keystore
    <truststore>
    -file
    <file>
    Example:
    <PATH_TO_JAVA>
    /bin/keytool -importcert -alias ALIAS -keystore cacerts -file /tmp/capc_cert.cer
    • PATH_TO_JAVA
      Specify the keystore location.
      Default:
      <PATH_TO_JAVA>
      /bin/keytool
    • alias
      Specify an alias that can be used to refer to the keystore entry.
      Example:
      ALIAS
    • truststore
      Specify the truststore file name.
      Default:
      cacerts
    • file
      Specify the file name for the certificate. Use a full pathname to the certificate.
      Example:
      /tmp/capc_cert.cer
    In the
    -file
    parameter,
    <path>
    indicates the full path to the
    capc_cert.cer
    file.
  6. When prompted, enter the password for the truststore, then, enter
    Yes
    .
    Default:
    changeit
  7. CD to the
    <
    CABI_installation_directory
    >/jre/lib/security
    directory.
    The directory should contain the
    cacerts
    file. The
    cacerts
    file is the CABI truststore file.
    If the
    cacerts
    file is not in the security folder, search for the folder that is under the
    <
    CABI_INSTALL_FOLDER
    >
    directory.
  8. Issue the following command:
    <PATH_TO_JAVA>
    /bin/keytool -importcert -alias
    <alias>
    -keystore
    <keystore>
    -file
    <file>
    Example:
    <PATH_TO_JAVA>
    /bin/keytool -importcert -alias ALIAS -keystore cacerts -file /tmp/capc_cert.cer
    • PATH_TO_JAVA
      Specify the keystore location.
      Default:
      <PATH_TO_JAVA>
      /bin/keytool
    • alias
      Specify an alias that can be used to refer to the keystore entry.
      Example:
      ALIAS
    • keystore
      Specify the keystore file name.
      Default:
      cacerts
    • file
      Specify the file name for the certificate. Use a full pathname to the certificate.
      Example:
      /tmp/capc_cert.cer
  9. When prompted, enter the password for the truststore, then, enter
    Yes
    .
    Default:
    changeit
  10. Restart the CABI service.
Update the Schema and Port for the CAPM Data Source Repository
In the CABI server, update the CAPM Data Source repository's
Port
and
Schema
.
Follow these steps:
  1. Log in as superuser.
  2. From the
    View
    menu, select
    Repository
    .
  3. Go to the
    /Public/ca/Performance Management/datasources
    directory, right-click
    CAPM Data Source
    , and then choose
    Edit
    .
    The following image shows these steps:
    The
    Set Data Source Type and Properties
    page opens, as shown in the following image:
  4. Change the
    Schema
    and
    Port
    properties, and then save your changes.