Configure 360Suite with SSL

Context

For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are:

- 360View
- 360Eyes
- 360Cast
- 360Bind / WiiisdomOps for BusinessObjects

In this situation, 360Suite acts as a client of the BOBJ RESTful service. If the service is accessible through HTTPS, 360Suite will try to validate that the certificate is trusted.
If you are using a self-signed certificate or a certificate signed by your enterprise certification authority, this validation will fail until the certificate is added to the Java keystore used by 360Suite.

Symptoms

Whether in the interface, the task logs or the Tomcat logs, you will find the following error message:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Procedure

All performed actions are basic security configuration steps that should be mastered by the security team of the customer.
Wiiisdom only provides information about basic configuration that does not take into account any other custom configuration.
On Windows, if you are using 360Suite for BI 4.3, the Java directory is C:\Windows\360Suite430\jdk8u275-b01-jre\bin
and if you are using 360Suite for BI 4.2, the path is C:\Windows\360Suite424\jdk8u275-b01-jre\bin
 

Gather the data

For the following procedure, you will need the certificate of your BOBJ Tomcat in the .cer format. If your security team provides any other format, here are the conversion steps:

Format of the input file: .jks
Procedure:

  Open a command prompt in the Java directory, then run:
      keytool -exportcert -rfc -alias <alias> -file <certificate_path> -keystore <keystore_path> -storepass <keystore_password>

Format of the input file: .pfx
Procedure:

  • Open up Internet Explorer
  • Go to the Internet Options window (from the “tools” button)
  • On the “Content” tab, select the Certificates button.
  • Import your .pfx file
  • Export the newly-imported certificate as a .cer file (base-64)

Format of the input file: .crt
Procedure:

  1. Double-click on the *.crt file to open it in the certificate display.
  2. Select the Details tab, then select the Copy to file option.
  3. Choose Next on the Certificate Wizard.
  4. Select Base-64 encoded X.509 (.CER) in the File format window, then Next.
  5. Select Browse (to locate a destination) and type in the filename.
  6. Choose Next, then the certificate file with the format .cer will be saved in the selected destination.


Adding the certificate

To import the certificate, we are going to use "Keytool", a tool to manage security keys and certificates.
It can be found under the following folder: %JAVA_HOME%\bin. Follow the steps below to import the certificate:

1. Open a command prompt in the Java directory (where your keytool utility is stored).
When using the Tomcat embedded with 360Suite, the default path for the keytool utility is:

C:\Windows\360Suite430\jre\bin\ (for installations starting from 2024.2)
C:\Windows\360Suite430\jdk8u275-b01-jre\bin\ (for older installations)

2. Once in the directory, run the command below to import the certificate. Note that you will need to edit this command based on your own environment.
      keytool -import -alias <alias> -keystore <keystore_path> -file <certificate_path>
            → <alias> is the name you want to identify this certificate with in the keystore
            → <keystore_path> is the path to the keystore (e.g. "../lib/ext/cacerts")
            → <certificate_path> is the path to the certificate to be added (e.g. "certificate.cer")

For example:
      keytool -import -alias "BO43_RestCertificate" -keystore "C:\Windows\360Suite430\jre\lib\security\cacerts" -file "F:\root.cer"

3. Once the certificate has been added to the keystore, there will be a prompt to enter a password. By default, the password is "changeit", unless it has already been changed beforehand.

If the Tomcat was running, it will require a restart to apply the changes.
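
To confirm that the keystore entry really is the certificate your security team supplied, the following PowerShell check compares the SHA-256 fingerprint of the .cer file with the one keytool reports for the alias. It is an added example, not part of Wiiisdom's procedure; the paths and alias are the example values from this page, and it assumes the Tomcat JVM uses that same cacerts file.

```powershell
# Added example: verify the imported entry against the .cer file.
# Paths and alias are this page's example values; adjust them to your install.
$keytool  = 'C:\Windows\360Suite430\jre\bin\keytool.exe'
$keystore = 'C:\Windows\360Suite430\jre\lib\security\cacerts'
$alias    = 'BO43_RestCertificate'
$cerFile  = 'F:\root.cer'

function Get-CerSha256 {
    param([string]$Path)
    # X509Certificate2 reads both DER and base-64 encoded .cer files.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try     { $hash = $sha.ComputeHash($cert.RawData) }
    finally { $sha.Dispose() }
    [pscustomobject]@{
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Sha256   = ($hash | ForEach-Object { $_.ToString('X2') }) -join ':'
    }
}

function Get-KeystoreSha256 {
    param([string]$Alias, [string]$StorePass)
    # "keytool -list -v" prints a "SHA256:" fingerprint line for the entry.
    $out = & $keytool -list -v -alias $Alias -keystore $keystore -storepass $StorePass 2>&1
    if ($LASTEXITCODE -ne 0) { throw "keytool failed: $($out -join ' ')" }
    $m = [regex]::Match(($out -join "`n"), 'SHA256:\s*([0-9A-Fa-f:]+)')
    if (-not $m.Success) { throw 'No SHA256 fingerprint found in keytool output' }
    $m.Groups[1].Value.ToUpper()
}

$storePass = Read-Host 'Keystore password'
$file      = Get-CerSha256 -Path $cerFile
$stored    = Get-KeystoreSha256 -Alias $alias -StorePass $storePass

$file | Format-List
if ($file.NotAfter -lt (Get-Date)) { Write-Warning 'The certificate in the file has expired.' }
if ($stored -eq $file.Sha256) {
    "OK: alias '$alias' in the keystore matches $cerFile"
} else {
    Write-Warning "Mismatch: the keystore entry has fingerprint $stored"
}
```

Compare the printed Sha256 value with the fingerprint your security team gives you through a separate channel before relying on the entry.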
