SSL Configuration in Tomcat - SAP Business Intelligence

Easy steps to configure SSL in Tomcat - SAP Business Intelligence

If you plan to set up BI Launchpad / OpenDocument to run over a trusted HTTPS URL, follow the steps in this blog.

Generally, an SSL certificate is needed so that clients everywhere can trust that the URLs of your web server are secured (encrypted).

By default, the Tomcat server in SAP Business Objects uses an HTTP port to serve the BI Launchpad / CMC / OpenDocument URLs. To set up your Tomcat to enable HTTPS, follow the steps below.

1.       Generate a keystore file – a keystore file is required to store your SSL certificates obtained from the Certificate Authority
·         Navigate to the folder location in SAP Business Objects –
<Drive>:\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\

<Shift> + right-click on the bin folder → select Open command window here



·         Use the command –
keytool -genkey -alias <alias_name> -keyalg RSA -keysize 2048

Eg:
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048
tomcat is the alias name



Create your password for the certificate (Important – Save this password)  


Give any name for the URL (Note – this will be the HTTPS URL used to access Tomcat)



Fill the other details


By default, the .keystore file will be generated in the location below,
C:\Users\<username>


Rename and copy this file to an easy location (C drive)



2.       Generate a CSR file – it is a request file which is needed to obtain the certificate files from the Certificate Authority
Use the command –
keytool -certreq -keyalg RSA -alias <alias_name> -file C:\certreq.csr -keystore C:\<keystore_name>.keystore
Eg:
keytool -certreq -keyalg RSA -alias tomcat -file C:\certreq.csr -keystore C:\tomcat.keystore



Enter the password you created. A .CSR file will be created.

Send this certreq.csr file to the Certificate Authority and buy the SSL certificates. Follow the link below for more information on buying an SSL certificate. I used DigiCert as an example; there are many websites where you can buy an SSL certificate.


You will receive the below certificate files from the Certificate Authority by email as a zip file,


3.       Import the SSL certificates into tomcat.keystore file

·         First import the DigiCertCA.crt by using the command –
keytool -import -trustcacerts -alias <different_alias_name> -keystore C:\tomcat.keystore -file C:\DigiCertCA.crt

Eg:
keytool -import -trustcacerts -alias Intermediate -keystore C:\tomcat.keystore -file C:\DigiCertCA.crt




·         Import the tomcat_ssl.cer file into tomcat.keystore,

keytool -import -trustcacerts -alias tomcat -keystore C:\tomcat.keystore -file C:\tomcat_ssl.cer
Note: the alias name must be the same as the one used when the tomcat.keystore file was created

Certificate will be added to the keystore.

·         Verify whether the certificate is installed properly by using the command –
keytool -list -v -keystore C:\tomcat.keystore > D:\keystore_output.txt

Open the saved text file and find the alias name tomcat


Certificate chain length should be 3. If you do not see the highlighted text, then you missed something.

Check whether the certificate was generated from the requested .CSR file

4.       Set up Tomcat to use the certificate and enable HTTPS:

·         Stop Tomcat in the Central Configuration Manager

·         Locate the server.xml file in the Tomcat folder (D:\SAP BusinessObjects\tomcat\conf)

·         Open the file in Notepad (the Notepad++ editor makes it easier to edit)

Create a Connector for the HTTPS port (443 / 8443)

Eg:
<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
    sslProtocol="TLSv1.2"
    clientAuth="false"
    keystorePass="tomcat"
    keystoreFile="C:\tomcat.keystore"
    secure="true"
    scheme="https"
    maxThreads="150"
    SSLEnabled="true"/>


·         Save the server.xml file and start the Tomcat in Central Configuration Manager (wait approx. 10 min to load).

·         Access the BI Launchpad URL and check – https://learnsapbusinessobjects.blogspot.com/BOE/BI
You should see the BI Launchpad.
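
An added example (not from the original post): a Python check that parses a Connector element like the one in step 4 and reports deprecated protocols, broken or non-forward-secret cipher suites, and a guessable keystorePass, so the entry can be tightened before Tomcat is restarted. The sample is the post's Connector abbreviated to four of its cipher suites; the function name audit_connector, the severity labels and the weak-password list are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's Connector, abbreviated to four of its suites.
SAMPLE = r'''<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
  sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" sslProtocol="TLSv1.2" clientAuth="false"
  keystorePass="tomcat" keystoreFile="C:\tomcat.keystore"
  secure="true" scheme="https" maxThreads="150" SSLEnabled="true"/>'''

# Protocol versions deprecated by RFC 8996 (TLS 1.0/1.1) and RFC 7568 (SSLv3).
OLD_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings that mark broken or export-grade algorithms in JSSE suite names.
BROKEN = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_anon_", "_MD5")
# Assumption for this example: passwords treated as trivially guessable.
WEAK_PASSWORDS = {"", "changeit", "tomcat", "password"}

def split_list(value):
    """Split a comma-separated attribute value, dropping empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connector(xml_text):
    """Return (severity, message) findings for one <Connector> element."""
    conn = ET.fromstring(xml_text)
    if conn.get("SSLEnabled", "false").lower() != "true":
        return [("info", "connector is not TLS-enabled")]
    findings = []
    for proto in split_list(conn.get("sslEnabledProtocols")):
        if proto in OLD_PROTOCOLS:
            findings.append(("high", f"deprecated protocol enabled: {proto}"))
    suites = split_list(conn.get("ciphers"))
    if not suites:
        findings.append(("medium", "no explicit cipher list; JVM defaults apply"))
    for suite in suites:
        if any(tag in suite for tag in BROKEN):
            findings.append(("high", f"broken cipher suite: {suite}"))
        elif re.match(r"(TLS|SSL)_RSA_WITH_", suite):
            findings.append(("medium", f"no forward secrecy (static RSA): {suite}"))
    # A missing keystorePass falls back to Tomcat's default, "changeit".
    if conn.get("keystorePass", "").lower() in WEAK_PASSWORDS:
        findings.append(("high", "keystorePass is empty, default or guessable"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_connector(SAMPLE):
        print(f"[{severity}] {message}")
```

Run it against the Connector you are about to save; an empty result means none of these specific checks fired, not that the TLS configuration is otherwise sound.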

Common Error:

If you get the below error, then the certificate keys do not match the .keystore file keys; follow the steps from the beginning.

https://launchpad.support.sap.com/#/notes/1648573
