5 Replies Latest reply on Feb 5, 2018 11:22 PM by Ricky .

    SSL Protocol for Smart Reporting

    Ricky .

      Hi All,

       

      I got issue while i tried to config the SSL for smart reporting.

       

      <!--  -->

          <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

                     maxThreads="150" SSLEnabled="true">

              <SSLHostConfig>

                  <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"

                               type="RSA" />

              </SSLHostConfig>

          </Connector>

          

          <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2

               This connector uses the APR/native implementation. When using the

               APR/native implementation or the OpenSSL engine with NIO or NIO2 then

               the OpenSSL configuration attributes must be used.

          -->

          <!--   -->

          <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"

                     maxThreads="150" SSLEnabled="true" >

              <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />

              <SSLHostConfig>

                  <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"

                               certificateFile="conf/localhost-rsa-cert.pem"

                               certificateChainFile="conf/localhost-rsa-chain.pem"

                               type="RSA" />

              </SSLHostConfig>

          </Connector>

       

      There are 2 connector protocol in the server.xml, i tried uncomment each of the protocol and then tried to access the https://localhost:8443 or https:localhost:443 in the host but the IE browser keeps loading and show nothing.

      Which protocol i should used to enabled the HTTPS access for the smart reporting? I just need to make sure the SSL smart reporting is accessible with private key entry.

       

       

      Please advice.

       

      Regards,

      Ricky

        • 1. Re: SSL Protocol for Smart Reporting
          Carl Wilson

          Hi,

          you can use either, 443 is the standard SSL port where you do not need to provide the port in the link.

           

          e.g. https://myserver.com/

           

          If using 8443, you will need to provide the port in the link.

           

          e.g. https://myserver.com:8443/

           

          For SSL to work correctly, you need to have the associated keys and certificates all available to Tomcat for the certificate to be served up correctly, then define the location for the file containing the SSL information.  The below example shows a default keystore of ".keystore".

          If the keystore only has one certificate, you don't need to define the alias to use, but if there are multiple certificates you need to tell Tomcat what certificate to use in the keystore.

           

          Example:

           

          <!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
          <Connector
            protocol="org.apache.coyote.http11.Http11NioProtocol"
            port="443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="${user.home}/.keystore" keystorePass="changeit"
            clientAuth="false" sslProtocol="TLS"/>

           

          Dependent on how you have the keys and certificates stored will determine how you configure the connector to access the SSL information.

           

          Apache Tomcat 8 (8.0.48) - SSL/TLS Configuration HOW-TO

           

          Cheers

          Carl

          • 2. Re: SSL Protocol for Smart Reporting
            Ravindrakumar Rodge

            You can figure out the tomcat that is used by the Smart Reporting Application.

            - In my system my SmartReporting is making use of below tomcat location

            C:\Program Files\BMC Software\ARSystem\SmartReporting\appserver\conf

            - Edit the server.xml file and modify below for SmartReporting to work with SSL.

             

            - Restart the tomcat Services used by SmartReporting and then try accessing the SmartReporting URL with port 8443.

             

            Regards,

            Ravi

            • 3. Re: SSL Protocol for Smart Reporting
              Ricky .

              Hi All,

               

              Thanks for the reply.

               

              Finally it's resolved.

              In the AR Server 9.1 we need to adjust the connector for tomcat version 8.5.6 since the oob connector in the server.xml provide the connector for apache tomcat 7.0.

               

              Regards,

              • 4. Re: SSL Protocol for Smart Reporting
                Conrad Pereira

                Hi Ricky,

                 

                What adjustments to the connector you made for tomcat version 8.5.6? Could you please share the connector setting you used? I tried several options and I kept receiving the below warning message while trying to use a signed certificate from a CA.

                 

                WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context

                java.lang.NullPointerException

                 

                Tomcat version 8.5.6 is the built-in version that comes with Smart Reporting 9.1.04.

                Finally, I decided to install Apache Tomcat 8.5.27 independently and the signed certificate from CA worked fine. I then re-installed Smart Reporting and chose the "External Tomcat Server" option and the installation went successful and Smart Reporting working with SSL.

                 

                Regards

                • 5. Re: SSL Protocol for Smart Reporting
                  Ricky .

                  Hi Conrad,

                   

                  Try change your connector protocol to this.

                  Connector protocol="org.apache.coyote.http11.Http11NioProtocol"

                             port="8443" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" maxThreads="200"

                             scheme="https" secure="true" SSLEnabled="true"

                           

                  Here is the reference link for the tomcat : Apache Tomcat 8 (8.5.27) - SSL/TLS Configuration HOW-TO

                   

                  I think the oob connector for the smart reporting (9.1.03) apache should be set like above, so we don't confused why the ssl doesn't worked.

                   

                  Regards,

                  Ricky