Configure 360Suite with SSL
Context
For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are:
- 360View
- 360Eyes
- 360Cast
- 360Bind
- 360WiiisdomOps For BusinessObjects
In this situation, 360Suite takes the role of client to the BOBJ RESTful service. If the service is accessible through https, 360Suite will try to validate that the certificate is trustful.If you are using a self-signed certificate or a certificate signed by your enterprise certification authority, you will face some issues.
For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are:
- 360View
- 360Eyes
- 360Cast
- 360Bind
- 360WiiisdomOps For BusinessObjects
In this situation, 360Suite takes the role of client to the BOBJ RESTful service. If the service is accessible through https, 360Suite will try to validate that the certificate is trustful.
If you are using a self-signed certificate or a certificate signed by your enterprise certification authority, you will face some issues.
Symptoms
May it be in the interface, the task logs or the tomcat logs you will find the following error message:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Procedure
Procedure
All performed actions are basic security configuration steps that should be mastered by the security team of the customer.Wiiisdom only provides information about basic configuration that does not take into account any other custom configuration.On windows, if you are using 360Suite for BI 4.3,the "java directory" is C:\Windows\360Suite430\jdk8u275-b01-jre\bin and if you are using 360Suite for BI 4.2 then the path is C:\Windows\360Suite424\jdk8u275-b01-jre\bin
All performed actions are basic security configuration steps that should be mastered by the security team of the customer.
Wiiisdom only provides information about basic configuration that does not take into account any other custom configuration.
On windows, if you are using 360Suite for BI 4.3,the "java directory" is C:\Windows\360Suite430\jdk8u275-b01-jre\bin
and if you are using 360Suite for BI 4.2 then the path is C:\Windows\360Suite424\jdk8u275-b01-jre\bin
Gather the data
For the following procedure you will need the certificate of your BOBJ tomcat in the .cer format. If your security team provide any other format, here are the conversion steps:
Format of the input file | Procedure |
.jks | open a command prompt in the java directory, then
|
.pfx |
|
.crt |
|
Adding the certificate
To import the certificate, we are going to use "Keytool". Keytool is a tool to manage (public/private) security keys and certificates. You can find it under the following folder %JAVA_HOME%\bin. Please follow the listed steps below to import the certificate:
1-You need to open a command prompt in the Java directory (where you have your keytool utility stored), as an example : C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin\
2-Once you are in that directory, then you need to modify the below command to import the certificate. Note, you need to edit this command based on your own environment.
keytool -import -alias {Host name} -keystore ../lib/ext/cacerts -file certificate.cer
As an example:
keytool -import -alias test -keystore " C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI4.0\win64_x64\sapjvm\jre\lib\security\cecerts " -file "F:\root.cer"
3-Once, you imported the certificate, there will be a prompt to enter a password and this password by default is changeit unless you have changed the password on your end.
If the Tomcat was already running, it will require a restart to apply the changes.
Last updated 5 months ago