
How do I Incorporate an "Internal SSL"?

I've been asked to incorporate our company's "Internal SSL" certificate on the BOE servers. I'm not familiar with the appropriate steps for this configuration and would appreciate any input. Basically our web intelligence users log in at http:<server>:8080/BOE/BI and I need to configure it to use https:<server>:8080/BOE/BI.

It is only accessed on our network, not externally.

Is this a server configuration? Tomcat? BOE? All? What other issues could this create with other applications such as Information Design Tool, Web Intelligence Rich Client, etc?


2 Answers

  • Mar 07, 2018 at 01:30 PM

    The Admin guide has detailed information on what you need to do, as do the KBAs and the Tomcat vendor web site.
    To do https:<server>:8080/BOE/BI you need to enable the SSL connector on your Tomcat.


  • Mar 07, 2018 at 01:46 PM

    I'm assuming you only need to protect the connection from the user's browser to the web server (Tomcat, in your case).

    (If you were using a load balancer or front-end web server (Apache or IIS), then the SSL configuration would be done there.)

    There is information here on configuring Tomcat for SSL. The basic steps are:

    1. Get a certificate, which is created specifically for the URL and port.
    2. Load the certificate into a Java keystore file (not necessary if the certificate has been provided to you in this format)
    3. Update Tomcat's conf/server.xml file to uncomment (enable) the SSL connector, and configure it to point to the keystore file containing the certificate

    Tomcat, by default, runs HTTP on port 8080 and HTTPS on 8443. Unless you're running another web server (like IIS) on 80/443, I would recommend changing Tomcat to 80 and 443. Then you don't need to specify the port in the URL.

    The certificate should be created for the server's FQDN, as well as any alternate URLs that would be used to access it -- such as the host name without domain and any DNS aliases. For example, "" and "bo:8443".

    It's not required, but you'll probably want to redirect non-SSL requests to SSL once it's enabled. If you don't do this, then calls to http://server:8080/BOE/BI will still work (SSL is only active if the user explicitly accesses https://...). You will just need to add a few lines to webapps/BOE/WEB-INF/web.xml. Instructions are here.

    If you're using WACS, then you may need to enable SSL for it, too. Instructions for this are in the Administrator's Guide.

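An added example, not part of either answer or of SAP's documentation: a Python check that the two edits described in the second answer (the enabled SSL connector in conf/server.xml and the HTTPS redirect in web.xml) are actually in place. The sample files are constructed; the keystore path, the password placeholder and the use of a `CONFIDENTIAL` transport-guarantee as the redirect mechanism are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: conf/server.xml after step 3 (keystore path/password are placeholders).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/boe-internal.jks" keystorePass="CHANGE_ME"/>
</Service></Server>"""

# Constructed sample: lines added to webapps/BOE/WEB-INF/web.xml to force HTTPS (assumed form).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>BOE</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def audit(server_xml, web_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Commented-out connectors are dropped by the parser, so they count as absent.
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append("no Connector with SSLEnabled=true")
    for c in tls:
        # Keystore is set on the Connector or on a nested Certificate (Tomcat 8.5+).
        nested = [e.get("certificateKeystoreFile") for e in c.iter("Certificate")]
        if not (c.get("keystoreFile") or any(nested)):
            findings.append(f"TLS connector {c.get('port')} has no keystore file")
    tls_ports = {c.get("port") for c in tls}
    for c in conns:
        is_http = c not in tls and "ajp" not in c.get("protocol", "").lower()
        if is_http and tls and c.get("redirectPort") not in tls_ports:
            findings.append(f"HTTP connector {c.get('port')} redirectPort is not a TLS port")
    # web.xml is usually namespaced, so compare local tag names only.
    guarantees = [(e.text or "").strip() for e in ET.fromstring(web_xml).iter()
                  if e.tag.rsplit("}", 1)[-1] == "transport-guarantee"]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee; http:// still works")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML) or "OK")
```

To audit a real installation, pass the contents of the server's own conf/server.xml and webapps/BOE/WEB-INF/web.xml to `audit()` instead of the samples.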