Skip to Content

How to enable SSL for WACS

Hi experts

We are currently trying to enable SSL for WACS to get BI-Administrators-Cockpit to work. We only see “a network error occurred” at the moment. But we don’t manage to get it running properly. We tried the following two variants:

1) PKCS12:

We used the pfx file that we created based on the same certificate we use for tomcat. But when we start the WACS server we get the following error message:

Failed to load keystore type PKCS12 with path C:\Windows\xxx.pfx due to Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

WACS does not even start.

2) JKS

We created our own JKS keystore and WACS started properly. But when we try to connect to the RESTful URL: “https://<servername>:<port>/biprws “ we get the following error message in Chrome: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.

We also tried to convert the existing .p12 keystore (BO / BW SSO) to JKS but we get the same error.

Does anybody have an idea on how to enable SSL for WACS? And yes we basically followed the notes mentioned here: https://launchpad.support.sap.com/#/notes/2391613

SAP BI 4.2 SP4 Patch 2

Thank you very much
Lars

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Oct 19, 2017 at 01:02 PM

    Hi everybody

    I finally managed to get it working. If someone is interessted our problem was the following:

    The default keysize of the keystore generated with JKS method is not sufficient (with BI 4.2 SP4 PL2). This is due to security enhancements described in SAP Note 2433337.

    “Minimum certificate key length required 2048 (Earlier it was 1024)”

    In Note 1618311 SAP does not indicate that the keysize has to be configured.

    Original Command to create the keystore:

    <installation_directory>\Program Files (x86)\SAP Business Objects\SAP Business Objects Enterprise XI 4.0\win64_x64\sapjvm\bin\keytool -genkey -alias WACS -keyalg RSA

    Actually working command to create the keystore (for BI 4.2 SP4 PL2):

    <installation_directory>\Program Files (x86)\SAP Business Objects\SAP Business Objects Enterprise XI 4.0\win64_x64\sapjvm\bin\keytool -genkey -alias WACS -keyalg RSA -keysize 2048

    Hope this information will help others who are struggling with WACS SSL too.

    Regards
    Lars

    Add comment
    10|10000 characters needed characters exceeded