Configure 360Eyes with SSL

Symptom

If you or a customer have activated SSL for the SAP BusinessObjects restful API web server, then you will need to configure the Wiiisdom's 360Suite applications in order to make them trust the used certificate.

Procedure

All performed actions are classic security configuration that should be mastered by the security team of the customer.
We just provide information about a classic configuration that does not take account about any specific customer configuration.

All Wiiisdom 360Suite applications are using the Java JVM.
As those applications communicate with SAP BusinessObjects through the Restful API running on a SSL activated web server, the appropriate certificate must be trusted by the used JVM. 
To do so we need to import the certificate in cacert file with a command like:

If you already have a valid cacerts file you can skip this step : 360Web Platform or 360eyes

Import the certificate to the client's cacerts by using the keytool utility.

In a command prompt, navigate to the directory <JAVA_HOME>\jre\lib\security\ and use the following command:
keytool -import -alias <local certificate name> -file <certificate file> -keystore cacerts

For example:
keytool -import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts

Once you have imported the certificate, copy the updated cacerts file.

Running from the CMC

By default, 360eyes is using the Java provided by BOBJ.
<BOBJ_INSTALL> /SAP BusinessObjects Enterprise XI 4.0/win64_x64/sapjvm/jre/lib/security


If it is not the JAVA used by default, it is the same procedure but in <JAVA_PATH>\jre\lib\security\cacerts
If you previously set up -Djavax.net.ssl parameters in the JVM Arguments of your 360eyes jobs, you can remove them as they are no longer needed !

Running from the GUI/CLI

Check the 360eyes_GUI.bat or 360eyes script in 360eyes/tools to see which JAVA is used :
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.LauncherGui
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.Launcher <job> <cms> <BO_user> <BO_user_passwd> <auth> <360Eyes_dir>

If it is just written java, it is the one defined in JAVA_HOME

Go to that folder and replace the cacerts file there <JAVA_PATH>\jre\lib\security\cacerts


If the GUI was running, you'll need to restart it to apply the changes
If you previously set up -Djavax.net.ssl parameters in the GUI360eyes jobs, you can remove them as they are no longer needed !

Additional Information

The default password for the sapjvm cacerts file is 'changeit' if you didn't modify it.

SAP Help Portal

To verify if the cacerts in the SAPJVM is valid, you can :

  1. run this command line:

"<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\bin\keytool" -list -keystore "<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\lib\security\cacerts" > result.txt

  1. Open the file result.txt

  2. Search if the RESTful Web Service URL is present.


Last updated 7 months ago