WebFOCUS Online Help > WebFOCUS Administration Console > WebFOCUS Encryption Features > Configuring WebFOCUS in an SSL Environment

Configuring WebFOCUS in an SSL Environment

In this section:

Reference:

The Secure Sockets Layer (SSL) is a protocol for managing the confidentiality of data transmitted over the Internet. In order to configure WebFOCUS for use with SSL, a certificate must be installed for the Web server and enabled for SSL.

Some WebFOCUS components make internal calls to the Web server. Depending on the application server you use, these components may be able to make https (SSL) calls using the default certificate provided by your application server. If your application server does not provide a default certificate, or if you want to enhance performance by minimizing the number of https calls, you can configure WebFOCUS to make more efficient http calls by operating within the secure environment established when the user connected to the Web using SSL.

To configure ReportCaster to use http calls to the application server:

  1. Go to the ReportCaster Server configuration tool. On the MR Info tab, change the protocol, host, and port specified in the Repository Node property to point to the internal listener of your application server. Use localhost if the ReportCaster Distribution Server resides on the same machine as WebFOCUS. Otherwise, specify the host name of the application server. This setting controls where the ReportCaster server-side Java components go to retrieve information about Managed Reporting reports available to schedule and where the ReportCaster Distribution Server goes to retrieve the Managed Reporting reports at run time.

    The Default Library URL setting on the Library tab should remain pointed to the Web server.

  2. Save and close the ReportCaster Server configuration tool.
  3. Restart the WebFOCUS and ReportCaster Web applications and the ReportCaster Distribution Server.
Top of page
Reference: ReportCaster in an SSL Environment

When you open the ReportCaster Development and Administration interface, you will be notified that an SSL certificate is being passed through to the browser. Click Yes in order to continue using the ReportCaster interface.

A certificate is your public key. A public key is a value provided by a third party (known as the Certificate Authority) as an encryption key. The public key combines with a private key (derived from the public key) to encrypt messages transmitted on the Internet.

Certificates establish trust. If you trust a Certificate Authority, then you trust all of its certificates. As shipped by Sun, the Java Development Kit (JDK) trusts Verisign and Thawte.

Other trusted authorities can be added to your JDK/JRE with the keytool utility that is shipped with the JDK/JRE.

To configure WebFOCUS for use with SSL, you must perform the following steps:

Top of page
Acquiring a Certificate

To acquire a certificate, you must create a certificate request and deliver it to a Certificate Authority, who generates the certificate. You must then install the certificate for a particular Web server.

For more information about acquiring a certificate, see https://digitalid.verisign.com/server/help/hlpEnrollServer.htm.

Note: For testing purposes, a self-signed certificate can be generated and used without using a third-party Certificate Authority.

Top of page
Registering a Self-Signed Certificate With the JVM

Note: You may skip this step if you have a trusted certificate.

You can add trusted authorities to the Java installation used by your WebFOCUS installation with the keytool utility that is shipped with the JDK/JRE. By default, the keytool utility is located in the $JAVA_HOME/bin directory. The default keystore is located in the $JAVA_HOME/jre/lib/security directory.

Note: $JAVA_HOME is a UNIX environment variable. On Windows, this is %JAVA_HOME%.

Top of page
Procedure: How to Add a Self-Signed Certificate to the Keystore Using the KeyTool Utility on Windows
  1. From the Command Prompt, navigate to the keytool utility directory, as follows: 

    cd %JAVA_HOME%\bin

    where:

    %JAVA_HOME%
    Is an environment variable defined on the machine that specifies the JDK or JRE installation directory. If this environment variable is not defined on the machine, you must explicitly specify the path to the Java installation directory.
  2. Enter the following command at the prompt to import the trusted certificate into the keystore: 

    keytool -importcert -alias alias_name -trustcacerts -file certificate_filename -keystore keystore_filename

    where:

    alias_name
    Is the name of the self-signed certificate alias in the keystore.
    certificate_filename
    Is the name of the certificate you will be adding to the keystore. For example, certnew.cer.
    keystore_filename
    Is the name of the keystore. For example, cacerts.
Top of page
Registering HTTPS Support

In order for WebFOCUS to request an HTTPS URL, a system property must be set to register HTTPS support. Add the following to the JVM options of your Application Server or servlet container: 

-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
Top of page
Configuring ReportCaster for Use With SSL

Note: If WebFOCUS and ReportCaster reside on the same machine, you must still follow these steps to update two sets of JREs.

The ReportCaster Development and Administration Interface uses a Java™ application to configure ReportCaster for use with SSL. To configure ReportCaster for use with SSL, perform the following steps on each individual client machine:

  1. Acquire a certificate for use with SSL. See Acquiring a Certificate.
  2. Use the keytool utility to add additional trusted authorities. See Registering a Self-Signed Certificate With the JVM.
  3. Register HTTPS support. See Registering HTTPS Support.

    Alternatively, you can set the JSSE Caster (enables the use of SSL on the ReportCaster Distribution Server) and JSSE Servlet (enables the use of SSL on the ReportCaster servlets) parameters to YES in the ReportCaster Server Configuration tool:

    • From the ReportCaster Development and Administration Interface, click ReportCaster Server Configuration.

      or

      From the Start Programs menu, select Information Builders, ReportCaster 76, Distribution Server, Configuration, and then click Edit.

    • The ReportCaster Server Configuration tool opens displaying the General tab. Open the JSSE Caster folder and then set the JSSE Caster and JSSE Servlet parameters to YES.
  4. Access the ReportCaster Server Configuration tool (see previous step) and click the MR Info tab. Change the URL in the Repository Node parameter so that it uses https instead of http.
  5. Click the Save icon, or select Save from the Action menu. A message appears asking for confirmation that you want to save the changes to the configuration file.
  6. Click Yes to save the changes, and then reload the ReportCaster Web application and restart the ReportCaster Distribution Server.
Top of page
Configuring ReportCaster Cookies for Use in SSL Environments

You can restrict the exchange of cookies to only HTTPS sessions by configuring the IBI_COOKIE_SECURE parameter in the ReportCaster web application. By default, this parameter is set to No. To modify the IBI_COOKIE_SECURE setting, edit the install_drive:\ibi\WebFOCUS76\webapps\rcaster76\WEB-INF\web.xml file and update the parameter as follows: 

<context-param>
	<param-name>IBI_COOKIE_SECURE</param-name>
	<param-value>YES</param-value>
</context-param>
WebFOCUS