Configure 360Eyes with SSL

Configure 360Eyes with SSL

Symptom

If you or a customer have activated SSL for the SAP BusinessObjects restful API web server, then you will need to configure the Wiiisdom's 360Suite applications in order to make them trust the used certificate.

Procedure

All performed actions are classic security configuration that should be mastered by the security team of the customer.
We just provide information about a classic configuration that does not take account about any specific customer configuration.

All Wiiisdom 360Suite applications are using the Java JVM.
As those applications communicate with SAP BusinessObjects through the Restful API running on a SSL activated web server, the appropriate certificate must be trusted by the used JVM. 
To do so we need to import the certificate in cacert file with a command like:

If you already have a valid cacerts file you can skip this step : 360Web Platform or 360eyes

Import the certificate to the client's cacerts by using the keytool utility.

In a command prompt, navigate to the directory <JAVA_HOME>\jre\lib\security\ and use the following command:
keytool -import -alias <local certificate name> -file <certificate file> -keystore cacerts

For example:
keytool -import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts

Once you have imported the certificate, copy the updated cacerts file.

Running from the CMC

By default, 360eyes is using the Java provided by BOBJ.
<BOBJ_INSTALL> /SAP BusinessObjects Enterprise XI 4.0/win64_x64/sapjvm/jre/lib/security


If it is not the JAVA used by default, it is the same procedure but in <JAVA_PATH>\jre\lib\security\cacerts
If you previously set up -Djavax.net.ssl parameters in the JVM Arguments of your 360eyes jobs, you can remove them as they are no longer needed !

Running from the GUI/CLI

Check the 360eyes_GUI.bat or 360eyes script in 360eyes/tools to see which JAVA is used :
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.LauncherGui
java -cp "%SDK_LIB_FOLDER%/*;../libs/*" com.gbs.eyes.Launcher <job> <cms> <BO_user> <BO_user_passwd> <auth> <360Eyes_dir>

If it is just written java, it is the one defined in JAVA_HOME

Go to that folder and replace the cacerts file there <JAVA_PATH>\jre\lib\security\cacerts


If the GUI was running, you'll need to restart it to apply the changes
If you previously set up -Djavax.net.ssl parameters in the GUI360eyes jobs, you can remove them as they are no longer needed !

Additional Information

The default password for the sapjvm cacerts file is 'changeit' if you didn't modify it.

SAP Help Portal

To verify if the cacerts in the SAPJVM is valid, you can :

  1. run this command line:

"<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\bin\keytool" -list -keystore "<BOBJ_INSTALL>\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\lib\security\cacerts" > result.txt

  1. Open the file result.txt

  2. Search if the RESTful Web Service URL is present.


    • Related Articles

    • How does 360Eyes work with a CORBA SSL Enabled CMS?

      Symptom This article will explain you how does 360Eyes work with a CORBA SSL Enabled CMS. Environment 360Eyes Microsoft SQL Server SAP BusinessObjects Enterprise XI 3.1 SAP BusinessObjects Business Intelligence 4.0 SAP BusinessObjects Business ...

    • Configure 360Suite with SSL

      Context For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are: - 360View - 360Eyes - 360Cast - 360Bind / WiiisdomOps for BusinessObjects In this situation, 360Suite takes the role of client to the BOBJ RESTful ...

    • Configure 360Eyes to run on SAP Business Objects 4.3SP2

      Symptom You run 360Eyes using the 360Eyes GUI or Command-Line against an SAP Business Objects Environment 4.3SP2. or  java -Xmx1024m -cp "../libs/;*%SDK_LIB_FOLDER%/*" com.gbs.eyes.Launcher <job> <cms> <BO_user> <BO_user_passwd> <auth> <360Eyes_dir> ...

    • How to configure SQL Server with Windows Authentication

      Symptom When trying to configure a SQL Server database using Windows Authentication as part of the 360eyes database configuration, the following error is returned: "The driver is not configured for integrated authentication". Environment 360Eyes ...

    • SEN015 warning when configuring the SMTP server

      Symptom The following warning appears: when an email is sent by the application: SMTP Configuration in the Admin Console. Email notifications in a task or a watcher. Email notification in the 360Vers workflow. Environment 360WebPlatform Microsoft ...