Configure 360Eyes with SSL
Symptom
If you or a customer have activated SSL for the SAP BusinessObjects RESTful API web server, you need to configure the Wiiisdom 360Suite applications so that they trust the certificate in use.
Procedure
All of the actions below are standard security configuration tasks that the customer's security team should be familiar with.
We only describe a standard configuration, which does not take any customer-specific configuration into account.
All Wiiisdom 360Suite applications run on a Java JVM.
Because those applications communicate with SAP BusinessObjects through the RESTful API running on an SSL-enabled web server, the appropriate certificate must be trusted by the JVM in use.
To do so, import the certificate into the cacerts file as described below.
If you already have a valid cacerts file, you can skip this step: 360Web Platform or 360eyes
Import the certificate to the client's cacerts by using the keytool utility.
In a command prompt, navigate to the directory <JAVA_HOME>\jre\lib\security\ and use the following command:
keytool -import -alias <local certificate name> -file <certificate file> -keystore cacerts
For example:
keytool -import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts
Once you have imported the certificate, copy the updated cacerts file.
Running from the CMC
By default, 360eyes uses the Java provided by BOBJ:
<BOBJ_INSTALL>/SAP BusinessObjects Enterprise XI 4.0/win64_x64/sapjvm/jre/lib/security
If that is not the Java used by default, the procedure is the same, but the file is <JAVA_PATH>\jre\lib\security\cacerts
If you previously set up -Djavax.net.ssl parameters in the JVM Arguments of your 360eyes jobs, you can remove them, as they are no longer needed!
Running from the GUI/CLI
Check the 360eyes_GUI.bat or 360eyes script in 360eyes/tools to see which Java is used:
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.LauncherGui
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.Launcher <job> <cms> <BO_user> <BO_user_passwd> <auth> <360Eyes_dir>
If the script simply calls java, the Java used is the one defined in JAVA_HOME.
Go to that folder and replace the cacerts file there: <JAVA_PATH>\jre\lib\security\cacerts
If the GUI was running, you'll need to restart it to apply the changes.
If you previously set up -Djavax.net.ssl parameters in the GUI360eyes jobs, you can remove them, as they are no longer needed!
Additional Information
The default password for the sapjvm cacerts file is 'changeit' if you didn't modify it.
To verify that the cacerts file in the SAPJVM is valid, you can:
Run this command line:
"<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\bin\keytool" -list -keystore "<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\lib\security\cacerts" > result.txt
Open the file result.txt.
Check whether the RESTful Web Service URL is present.
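The check above can also be done per alias. The following is an added example, not part of the original article or of Wiiisdom's tooling: a POSIX shell function that reads a saved keytool -list listing (such as result.txt), confirms that the alias you imported is stored as a trustedCertEntry, and prints its fingerprint. The aliases and fingerprints in the sample listing are constructed, and the English-locale keytool listing layout is assumed.

```shell
#!/bin/sh
# Added example: inspect a saved `keytool -list` listing (e.g. result.txt).

# trusted_fingerprint ALIAS LISTING_FILE
# Prints the fingerprint stored for ALIAS when it is a trustedCertEntry.
# Exit status: 0 = found, 1 = alias absent, 2 = present but not a trusted cert.
trusted_fingerprint() {
    # keytool stores JKS aliases in lower case, so compare case-insensitively.
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/\r$/, "") }             # listing written on Windows: drop the CR
        # Entry header looks like "<alias>, <date>, <entry type>,"
        index(tolower($0), want ", ") == 1 {
            seen = 1
            trusted = ($0 ~ /trustedCertEntry, *$/)
            next
        }
        # The fingerprint line directly follows its entry header.
        seen && fp == "" && /^Certificate fingerprint/ {
            sub(/^[^:]*: */, "")
            fp = $0
        }
        END {
            if (!seen) exit 1
            if (!trusted || fp == "") exit 2
            print fp
        }
    ' "$2"
}

# Constructed sample listing (hypothetical aliases, made-up fingerprints).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

my_ssl_cert, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
server_key, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
EOF
}
```

Compare the printed value with the fingerprint that keytool -printcert -file <certificate file> reports for the certificate you imported; a matching alias with a different fingerprint means the keystore holds a different certificate.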
Last updated about 1 year ago