
How do I Incorporate an "Internal SSL"?

Mar 07 at 01:09 PM



I've been asked to incorporate our company's "Internal SSL" certificate on the BOE servers. I'm not familiar with the appropriate steps for this configuration and would appreciate any input. Basically our Web Intelligence users log in at http:<server>:8080/BOE/BI and I need to configure it to use https:<server>:8080/BOE/BI

It is only accessed on our network not externally.

Is this a server configuration? Tomcat? BOE? All? What other issues could this create with other applications such as Information Design Tool, Web Intelligence Rich Client, etc?


2 Answers

Denis Konovalov
Mar 07 at 01:30 PM

The Admin guide has detailed information on what you need to do, as do the KBAs and the Tomcat vendor web site.
To do https:<server>:8080/BOE/BI you need to enable the SSL connector on your Tomcat.

Joe Peters
Mar 07 at 01:46 PM

I'm assuming you only need to protect the connection from the user's browser to the web server (Tomcat, in your case).

(If you were using a load balancer or front-end web server (Apache or IIS), then the SSL configuration would be done there.)

There is information here on configuring Tomcat for SSL. The basic steps are:

  1. Get a certificate, which is created specifically for the URL and port.
  2. Load the certificate into a Java keystore file (not necessary if the certificate has been provided to you in this format)
  3. Update Tomcat's conf/server.xml file to uncomment (enable) the SSL connector, and configure it to point to the keystore file containing the certificate

Tomcat, by default, runs HTTP on port 8080 and HTTPS on 8443. Unless you're running another web server (like IIS) on 80/443, I would recommend changing Tomcat to 80 and 443. Then you don't need to specify the port in the URL.

The certificate should be created for the server's FQDN, as well as any alternate URLs that would be used to access it -- such as the host name without domain and any DNS aliases. For example, "" and "bo:8443".

It's not required, but you'll probably want to redirect non-SSL requests to SSL once it's enabled. If you don't do this, then calls to http://server:8080/BOE/BI will still work (SSL is only active if the user explicitly accesses https://...). You will just need to add a few lines to webapps/BOE/WEB-INF/web.xml. Instructions are here.

If you're using WACS, then you may need to enable SSL for it, too. Instructions for this are in the Administrator's Guide.


Thank you for the response. This is my first go-round with SSL. So the certificate was generated by our server team and I can see it in Microsoft Management Console. What are the necessary steps to utilize it from there? I read some material that mentioned exporting it to a pfx format...
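
Added example, not part of the original thread or of SAP's documentation: the two Tomcat changes the second answer describes, the SSL connector in conf/server.xml and the HTTP-to-HTTPS redirect in webapps/BOE/WEB-INF/web.xml. The keystore file name, the password placeholder and port 8443 are assumptions, and the connector attributes are the JSSE-style ones accepted by Tomcat 7 through 9.

```xml
<!-- conf/server.xml: inside <Service name="Catalina"> -->

<!-- Plain HTTP connector. redirectPort must equal the HTTPS connector's port,
     because Tomcat sends requests that require confidentiality there. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- HTTPS connector. keystoreType="PKCS12" reads a .pfx/.p12 file directly
     (assumption: the certificate was exported together with its private key).
     File name and password are placeholders; a relative keystoreFile is
     resolved against CATALINA_BASE. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/boe-internal.pfx"
           keystoreType="PKCS12"
           keystorePass="REPLACE_WITH_KEYSTORE_PASSWORD"
           clientAuth="false" sslProtocol="TLS" />

<!-- webapps/BOE/WEB-INF/web.xml: inside <web-app>, after the existing entries.
     CONFIDENTIAL makes Tomcat redirect any plain-HTTP request for a matching
     URL to the redirectPort configured above. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>BOE over TLS only</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

The keystore password sits in clear text in server.xml, so read access to that file and to the keystore should be limited to the account Tomcat runs under.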