cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP BO SIA SSL configuration

Former Member

on ‎02-26-2018 12:55 PM

0 Kudos

Dear SCN-Community,

currently I´m in trouble with ssl configuration for BI platform. I have successful added my 3rd party signed certificates to the tomcat. So actually all HTTP requests are secured.

Second part is to secure the SIA. Each guide/how-to (for e.g. Configure SIA to Use SSL Certificates in BI 4.2 SP4) use the files which you can see below.

I think these are self generated files. Is there a way to use my 3rd party signed certificates or should we use the self generated version?

Kind regards

André

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

denis_konovalov
Active Contributor
‎02-26-2018 1:08 PM

1. Corba SSL is used to secure communication between BI Platform nodes and between them and webapp server - meaning no external user or any user visibility into it - that means self signed certificate is perfectly acceptable here. You only need authority signed certificate for HTTPS/SSL on your web servers/web app servers.
2. mentioning which version you use might help as well - new Admin guides have the steps on how to use certificate authority certificates in them.

Show replies
Show replies
Former Member
‎02-26-2018 1:35 PM
0 Kudos

Hello Denis,

thanks for fast reply. As I understand it right I don´t need SIA SSL configuration if I use a single instance deployment where everything runs on one machine?

I´m using 4.2 SP05.

Kind regards

André

denis_konovalov
Active Contributor
‎02-26-2018 1:40 PM

On a single machine scenario I do not see the need to have corba ssl enabled, but that's me - I do not see why it is needed at all - since if an attacker is able to intercept communications on the internal network - intercepting BOE communications is the least of the problems that poses.
But certain businesses require all communications encrypted, so that's why this option is there.

Former Member
‎02-26-2018 1:49 PM
0 Kudos

Ok thanks! So if the SIA SSL only secures the communication between the instances I don´t see any reason too!

denis_konovalov
Active Contributor
‎02-26-2018 1:52 PM
0 Kudos

just to clarify - between all the servers/services BOE is running. Even on a single machine - those services talk to each other. Corba SSL encrypts all that communication.

Former Member
‎02-26-2018 3:00 PM
0 Kudos

Ok. So if I:

- enable SSL in SIA

- attache the certificates in SIA

- configure the Tomcat <-> SIA SSL communication (java options)

- configure HTTPS for WACS

the back-end communication should use SSL?

Does this affect Design Studio / Analysis for Office Client connection via "dswsbobje"?

Kind regards

André

denis_konovalov
Active Contributor
‎02-26-2018 3:04 PM
0 Kudos

Yes, if you're doing corba ssl, you should also encrypt communications to reporting DB.
And Yes - all clients connecting via dswsbobje will be affected as well. All clients will need to be enabled to use corba ssl as well.

Former Member
‎02-27-2018 8:01 AM
0 Kudos

Ok fine.

  1. Is "dswsbobje" secured via Tomcat HTTPS or corba SSL?
  2. Do you have an overview/how-to with the necessary steps on client side? Is this relevant for Analysis for Office and Design Studio client?

Thanks

André

denis_konovalov
Active Contributor
‎02-27-2018 1:07 PM
0 Kudos

dswsbobje is webapp, so it is secured by https on tomcat.
Admin guide has all the details on client tools steps.

Ask a Question