Appendix : Administration : Business Analytics Server Configuration : Configure Business Analytics for SSL and Digital Certificates : Configure HTTPS and Certficate Stores in the Application Server
Configure HTTPS and Certficate Stores in the Application Server
Configuration for SSL for Business Analytics can be defined in the application server that hosts the Business Analytics Server. These instructions discuss the basic steps for configuring SSL in Tomcat. See Tomcat Documentation or the documentation for your application server for detailed information.
1. If you do not yet have a key store, trust store and certificate for the Business Analytics Server, find or create these stores and certificate. See The Certificate Store and Certificates for instructions.
2. Configure Tomcat for secure connections from clients to the Business Analytics Server:
a. Edit the server.xml file for Tomcat to uncomment and configure the <Connector> element for SSL/HTTPS 1.1. For example:
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="conf/tomcat.jks"
keystorePass="keystrpwd"
truststoreFile="conf/tomcat.jks"
truststorePass="truststrpwd" />
This example uses the default Tomcat port, 8443, and mutual SSL, based on the clientAuth value. If this was a one-way connection, you would set clientAuth to false. This example also uses the default Tomcat certificate store, conf/tomcat.jks, as both the key store and the trust store. See Tomcat documentation for information on other properties.
b. Once you have configured an HTTPS port in your application server, update port configuration for the Business Analytics Server to listen to that port. See Configure the Business Analytics Server with Custom Ports for more information on this step.
c. Enable Business Analytics to use secure session cookies:
a. Open the web.xml file located in <MashZone NextGen installation>/apache-tomee-jaxrs/webapps/mashzone/WEB-INF/ in a text editor.
b. Find the session-config/cookie-config/secure element and change the value to true.
Example
<session-config>
<session-timeout>30</session-timeout>
<!--
Set the "secure" flag to true when using HTTPS for enhanced security
-->
<cookie-config>
<secure>false</secure>
</cookie-config>
</session-config>
Note:  
Once this is set to true, only HTTPS access will be allowed.
3. If needed, enable Business Analytics authentication to use certificates. See Authentication with Digital Certificates/SSL for instructions.
Copyright © 2013-2017 Software AG, Darmstadt, Germany. (Innovation Release)

Product LogoContact Support   |   Community   |   Feedback