Skip to Content
0

BO Enterprise (with tomcat) SSL/HTTPS set up

Aug 16, 2017 at 12:38 PM

197

avatar image

Hello together,

i need your help. I currently trying to configure the SSL/HTTPS for our BO Enterprise 4.2 Plattform. I checked the guide sbo42_bip_admin_en.pdf and i run all steps from 8.13.1 (Creating key and certificate files). I have now many files in my folder :)

I'm a little bit confused now, i need the certificate request (CSR) for the CA, which should sign the Certificate. Which of the files is it?

The next sesction in the Guide is "8.13.2 Setting up SSL when the certificate is managed by a certificate authority". But this steps are also confusing...

Some SAP Notes (e.g 1185443) talking about a PSE is needed and the Tomcat will use a keystore?

The official documentation is a little bit strange.

Can somebody help us? Which step

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Denis Konovalov
Aug 17, 2017 at 05:35 PM
1

If you need to setup HTTPS/SSL for your tomcat - this is the place where the help is :

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

or

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

This part has nothing to do with BOE servers or platform, it is a standard network/webapp servers process.

The SSL part in Admin guise is about Corba SSL - protocol between BOE processing servers and services, which in most scenarios you do not need.

p.s.

https://en.wikipedia.org/wiki/Self-signed_certificate

https://en.wikipedia.org/wiki/Certificate_authority

Share
10 |10000 characters needed characters left characters exceeded
Tobias Blum Aug 23, 2017 at 09:27 AM
0

Hello Denis,

we successfully configured now the SSL Connection to tomcat. Thanks four your help!

The customer wants now, that we also configure the COBRA SSL (BO Tools <> Server Intelligence Agent). I check the Admin Guide and also the SAP Note 1642329, which is based on the Admin guide.

I have some trouble to understand the needed steps now, to generate a CSR (which i can send to the CA to sign it). From the SAP Note 1642329 i run the steps 1, 2, 7, 8, 9 (until now). I skipped the Steps 3, 4, 5, 6 . But the generated CSR (Step 9) was rejected by the CA. Did i something wrong or is a step missing? or must i run other steps with openssl?

Another question:

Can i use also the already signed certificate from the tomcat ssl configuration? I think it is possibile to extract the private key (of the server) from the keystore or? or should i use my p7b File (PKCS) to do it ?

kind regards

Tobias Frerix

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Just use self signed certificate for corba ssl and follow steps in sequence.
Since its all internal and not exposed to outside - no need to do CA signed certificates.

also, - does the customer fully understand the implication of enabling corba SSL protocol for boe services ?
Do they realize that they will need to enable it on each client machine they have of they want those BOE clients to connect to server ?
Are they ready for possible performance hit due to encrypting/decrypting all communications between all boe services ?

0