Configure 360Suite with SSL

Configure 360Suite with SSL

Context

For many features, 360Suite needs to access the BOBJ RESTful API. The impacted modules are:

- 360View
- 360Eyes
- 360Cast
- 360Bind / WiiisdomOps for BusinessObjects

In this situation, 360Suite takes the role of client to the BOBJ RESTful service. If the service is accessible through https, 360Suite will try to validate that the certificate is trustful.
If you are using a self-signed certificate or a certificate signed by your enterprise certification authority, you will face some issues.

Symptoms

May it be in the interface, the task logs or the tomcat logs you will find the following error message: 

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Procedure

All performed actions are basic security configuration steps that should be mastered by the security team of the customer.
Wiiisdom only provides information about basic configuration that does not take into account any other custom configuration.
On windows, if you are using 360Suite for BI 4.3, the java directory is C:\Windows\360Suite430\jdk8u275-b01-jre\bin 
and if you are using 360Suite for BI 4.2 then the path is C:\Windows\360Suite424\jdk8u275-b01-jre\bin
 

Gather the data

For the following procedure you will need the certificate  of your BOBJ tomcat in the .cer format. If your security team provide any other format, here are the conversion steps:

Format of the input file
Procedure
.jks
    open a command prompt in the java directory, then
  1. keytool -exportcert -rfc -alias <alias> -file <certificate_path> -keystore <keystore_path> -storepass <keystore_password>
.pfx

  • Open up Internet Explorer

  • Go to the Internet Options window (from the “tools” button)

  • On the “Content” tab, select the Certificates button.

  • Import your .pfx file

  • Export the newly-imported certificate as a .cer file (base-64)


.crt

  1. Double-click on the *.crt file to open it into the certificate display.
  2. Select the Details tab, then select the Copy to file option
  3. Choose next on the Certificate Wizard
  4. Select Base-64 encoded X.509 (.CER) in the File format window, then Next.
  5. Select Browse (to locate a destination) and type in the filename.
  6. Choose Next, then the certificate file with the format .cer will be saved in the selected destination.


Adding the certificate

To import the certificate, we are going to use "Keytool". Keytool is a tool to manage security keys and certificates.
It can be found under the following folder %JAVA_HOME%\bin. Please follow the listed steps below to import the certificate:

1-You need to open a command prompt in the Java directory (where you have your keytool utility stored).
When using the Tomcat embedded with 360Suite, the default path for the keytool utility is:

C:\Windows\360Suite430\jre\bin\ (for installations starting from 2024.2)
C:\Windows\360Suite430\jdk8u275-b01-jre\bin\ (for older installations)

2-Once in the directory, you need to run the below command to import the certificate. Note, you will need to edit this command based on your own environment. 
      keytool -import -alias <alias> -keystore <keystore_path> -file <certificate_path>
            → <alias> is the name you want to identify this certificate with in the keystore
            → <keystore_path> is the path to the keystore (e.g. "../lib/ext/cacerts")
            → <certificate_path> is the path to the certificate to be added (e.g. "certificate.cer")

For example:
      keytool -import -alias "BO43_RestCertificate" -keystore "C:\Windows\360Suite430\jre\lib\security\cacerts" -file "F:\root.cer"

3-Once the certificate has been added to the keystore, there will be a prompt to enter a password. By default, the password is changeit, unless it has already been changed beforehand. 

If the Tomcat was running, it will require a restart to apply the changes.

    • Related Articles

    • Configure 360Eyes with SSL

      Symptom If you or a customer have activated SSL for the SAP BusinessObjects restful API web server, then you will need to configure the Wiiisdom's 360Suite applications in order to make them trust the used certificate. Procedure All performed actions ...

    • How does 360Eyes work with a CORBA SSL Enabled CMS?

      Symptom This article will explain you how does 360Eyes work with a CORBA SSL Enabled CMS. Environment 360Eyes Microsoft SQL Server SAP BusinessObjects Enterprise XI 3.1 SAP BusinessObjects Business Intelligence 4.0 SAP BusinessObjects Business ...

    • How to configure SQL Server with Windows Authentication

      Symptom When trying to configure a SQL Server database using Windows Authentication as part of the 360eyes database configuration, the following error is returned: "The driver is not configured for integrated authentication". Environment 360Eyes ...

    • Configure 360Eyes to run on SAP Business Objects 4.3SP2

      Symptom You run 360Eyes using the 360Eyes GUI or Command-Line against an SAP Business Objects Environment 4.3SP2. or  java -Xmx1024m -cp "../libs/;*%SDK_LIB_FOLDER%/*" com.gbs.eyes.Launcher <job> <cms> <BO_user> <BO_user_passwd> <auth> <360Eyes_dir> ...

    • "DB003: Suitable driver not found" when configuring 360Suite databases

      Symptom When configuring 360Suite main database When configuring 360Eyes database When trying to create a 360Cast or 360WOFBO SQL source When trying to create a 360View SQL Query Once you selected your database type and validate the form, you fet ...