Skip to Content
1

How to enable SSL for WACS

Oct 19, 2017 at 08:19 AM

470

avatar image
Former Member

Hi experts

We are currently trying to enable SSL for WACS to get BI-Administrators-Cockpit to work. We only see “a network error occurred” at the moment. But we don’t manage to get it running properly. We tried the following two variants:

1) PKCS12:

We used the pfx file that we created based on the same certificate we use for tomcat. But when we start the WACS server we get the following error message:

Failed to load keystore type PKCS12 with path C:\Windows\xxx.pfx due to Algorithm not allowable in FIPS140 mode: PBE/PKCS12/SHA1/RC2/CBC/40

WACS does not even start.

2) JKS

We created our own JKS keystore and WACS started properly. But when we try to connect to the RESTful URL: “https://<servername>:<port>/biprws “ we get the following error message in Chrome: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.

We also tried to convert the existing .p12 keystore (BO / BW SSO) to JKS but we get the same error.

Does anybody have an idea on how to enable SSL for WACS? And yes we basically followed the notes mentioned here: https://launchpad.support.sap.com/#/notes/2391613

SAP BI 4.2 SP4 Patch 2

Thank you very much
Lars

10 |10000 characters needed characters left characters exceeded

Fixed the tags for you. Security tag is not related to WACS and SSL.

0
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
avatar image
Former Member Oct 19, 2017 at 01:02 PM
3

Hi everybody

I finally managed to get it working. If someone is interessted our problem was the following:

The default keysize of the keystore generated with JKS method is not sufficient (with BI 4.2 SP4 PL2). This is due to security enhancements described in SAP Note 2433337.

“Minimum certificate key length required 2048 (Earlier it was 1024)”

In Note 1618311 SAP does not indicate that the keysize has to be configured.

Original Command to create the keystore:

<installation_directory>\Program Files (x86)\SAP Business Objects\SAP Business Objects Enterprise XI 4.0\win64_x64\sapjvm\bin\keytool -genkey -alias WACS -keyalg RSA

Actually working command to create the keystore (for BI 4.2 SP4 PL2):

<installation_directory>\Program Files (x86)\SAP Business Objects\SAP Business Objects Enterprise XI 4.0\win64_x64\sapjvm\bin\keytool -genkey -alias WACS -keyalg RSA -keysize 2048

Hope this information will help others who are struggling with WACS SSL too.

Regards
Lars

Show 1 Share
10 |10000 characters needed characters left characters exceeded

This helped a lot - thank you very much!!!

0