Configure 360Suite with SSL

Context

For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are:

- 360View
- 360Eyes
- 360Cast
- 360Bind
- 360WiiisdomOps For BusinessObjects

In this situation, 360Suite takes the role of client to the BOBJ RESTful service. If the service is accessible through https, 360Suite will try to validate that the certificate is trustful.
If you are using a self-signed certificate or a certificate signed by your enterprise certification authority, you will face some issues.

Symptoms

May it be in the interface, the task logs or the tomcat logs you will find the following error message:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Procedure

All performed actions are basic security configuration steps that should be mastered by the security team of the customer.
Wiiisdom only provides information about basic configuration that does not take into account any other custom configuration.
On windows, if you are using 360Suite for BI 4.3,the "java directory" is C:\Windows\360Suite430\jdk8u275-b01-jre\bin
and if you are using 360Suite for BI 4.2 then the path is C:\Windows\360Suite424\jdk8u275-b01-jre\bin

Gather the data

For the following procedure you will need the certificate of your BOBJ tomcat in the .cer format. If your security team provide any other format, here are the conversion steps:

Format of the input file	Procedure
.jks	open a command prompt in the java directory, then keytool -exportcert -rfc -alias {NOM DE LA MACHINE} -file mycert.cer -keystore mykeys.jks -storepass {JKS PASSWORD}
.pfx	Open up Internet Explorer Go to the Internet Options window (from the “tools” button) On the “Content” tab, select the Certificates button. Import your .pfx file Export the newly-imported certificate as a .cer file (base-64)
.crt	Double-click on the .crt file to open it into the certificate display. Select the Details* tab, then select the Copy to file option Choose next on the Certificate Wizard. Select Base-64 encoded X.509 (.CER) in the File format window, then Next. Select Browse (to locate a destination) and type in the filename. Choose Next, then the certificate file with the format .cer will be saved in the selected destination.

Adding the certificate

To import the certificate, we are going to use "Keytool". Keytool is a tool to manage (public/private) security keys and certificates. You can find it under the following folder %JAVA_HOME%\bin. Please follow the listed steps below to import the certificate:

1-You need to open a command prompt in the Java directory (where you have your keytool utility stored), as an example : C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\

2-Once you are in that directory, then you need to modify the below command to import the certificate. Note, you need to edit this command based on your own environment.

keytool -import -alias {Host name} -keystore ../lib/ext/cacerts -file certificate.cer

As an example:

keytool -import -alias test -keystore " C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI4.0\win64_x64\sapjvm\jre\lib\security\cecerts " -file "F:\root.cer"

3-Once, you imported the certificate, there will be a prompt to enter a password and this password by default is changeit unless you have changed the password on your end.

If the Tomcat was already running, it will require a restart to apply the changes.

Last updated 5 months ago