Skip to Content

BO Enterprise (with tomcat) SSL/HTTPS set up

Hello together,

i need your help. I currently trying to configure the SSL/HTTPS for our BO Enterprise 4.2 Plattform. I checked the guide sbo42_bip_admin_en.pdf and i run all steps from 8.13.1 (Creating key and certificate files). I have now many files in my folder :)

I'm a little bit confused now, i need the certificate request (CSR) for the CA, which should sign the Certificate. Which of the files is it?

The next sesction in the Guide is "8.13.2 Setting up SSL when the certificate is managed by a certificate authority". But this steps are also confusing...

Some SAP Notes (e.g 1185443) talking about a PSE is needed and the Tomcat will use a keystore?

The official documentation is a little bit strange.

Can somebody help us? Which step

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Aug 17, 2017 at 05:35 PM

    If you need to setup HTTPS/SSL for your tomcat - this is the place where the help is :


    This part has nothing to do with BOE servers or platform, it is a standard network/webapp servers process.

    The SSL part in Admin guise is about Corba SSL - protocol between BOE processing servers and services, which in most scenarios you do not need.


    Add comment
    10|10000 characters needed characters exceeded

  • Aug 23, 2017 at 09:27 AM

    Hello Denis,

    we successfully configured now the SSL Connection to tomcat. Thanks four your help!

    The customer wants now, that we also configure the COBRA SSL (BO Tools <> Server Intelligence Agent). I check the Admin Guide and also the SAP Note 1642329, which is based on the Admin guide.

    I have some trouble to understand the needed steps now, to generate a CSR (which i can send to the CA to sign it). From the SAP Note 1642329 i run the steps 1, 2, 7, 8, 9 (until now). I skipped the Steps 3, 4, 5, 6 . But the generated CSR (Step 9) was rejected by the CA. Did i something wrong or is a step missing? or must i run other steps with openssl?

    Another question:

    Can i use also the already signed certificate from the tomcat ssl configuration? I think it is possibile to extract the private key (of the server) from the keystore or? or should i use my p7b File (PKCS) to do it ?

    kind regards

    Tobias Frerix

    Add comment
    10|10000 characters needed characters exceeded

    • Just use self signed certificate for corba ssl and follow steps in sequence.
      Since its all internal and not exposed to outside - no need to do CA signed certificates.

      also, - does the customer fully understand the implication of enabling corba SSL protocol for boe services ?
      Do they realize that they will need to enable it on each client machine they have of they want those BOE clients to connect to server ?
      Are they ready for possible performance hit due to encrypting/decrypting all communications between all boe services ?