Configuring the HTTPS Protocol

It is recommended that BusinessObjects Web servers be configured to use SSL via the HTTPS protocol for Data Services/Data Integrator. If your environment is configured to use HTTP, you can skip this section.

Obtain Security Certificates

From a Windows desktop, you can obtain a security certificates for each target BusinessObjects Data Services server using the Microsoft Internet Explorer Certificate Cache.

Note: Although other procedures are available for obtaining the required certificates, the procedure below can be performed from your Windows desktop.

Note: You need to carry out the instructions only if your server certificate is generated in-house (that is, self-signed) or if your server certificate is signed by a Certification Authority that is not trusted by the version of Java you are using. Alternatively, if your adapter connection fails by reporting the error “unable to find valid certification path to requested target” you need to carry out the instructions.

To obtain target BusinessObjects server security certificates:

  1. Open the Internet Explorer browser and navigate to the dispatch URL (replacing servername and port as it applies to your environment).

    Example: https://<adminHost:adminPort>/admin/servlet/webservices

    where adminHost is where the Data Integrator Administrator is installed and adminPort is the port the Data Integrator Administrator is listening on.

  2. Click View Certificate to open the Certificate dialog.

  3. Click Install Certificate.

  4. Click Next on the Certificate Import Wizard Welcome panel.

  5. Use the default option Automatically select the certificate store based on the type of certificate on the Certificate Store panel and click Next.

  6. Click Finish on the Completing Certificate Import Wizard panel.

    Note: If a Security Warning message displays informing you that you are about to install a certificate from a certification authority, click Yes to continue with the certificate installation. A message stating The import was successful displays.

  7. Click OK to close the message and return to the Certificate dialog.

  8. Click OK on the Certificate dialog. You can close your browser now.

  9. Repeat the process for each BusinessObjects server that you want to connect to with the BusinessObjects adapter.

Export Security Certificates

After you have obtained the security certificates for the target servers, you must export them from the Internet Explorer cache to a local directory.

To export the cached certificates to a local directory:

  1. Create the directory for the certificates on the local computer:

    Example: C:\BO-Certs

  2. Click Tools > Internet Options in Internet Explorer.

  3. Click the Content tab on the Internet Options dialog.

  4. Click Certificates in the Certificates area.

  5. Click the Trusted Root Certification Authorities tab on the Certificates dialog to display the list of trusted certificates. This list should contain the certificates for the target servers that were obtained in the previous procedure.

  6. Scroll through the list of certificates to find the certificates.

  7. Perform the procedure for each target server certificate:

    1. Choose the certificate and click Export to launch the Certificate Export Wizard.

    2. Click Next on the Welcome panel.

    3. Use the default option DER encoded binary X.509 (.CER) on the Export File Format panel and click Next.

    4. Enter the complete path to the BO-Certs directory on the File To Export panel and a unique name for the certificate:

      Example: C:\BO-Certs\servername.cer

    5. Click Next.

    6. Click Finish on the Completing the Certificate Export Wizard panel to complete the export. A message stating The export was successful displays.

    7. Click OK to close the message box.

  8. Click Close after all target server certificates have been exported to exit the Certificates dialog.

  9. Click OK to close the Internet Options dialog.

Import Target Server Certificates into a Java Keystore

You must now import the target server certificates into a local Java keystore. Note: These instructions assume that a JRE or JDK is in your system PATH.

To import certificates into a Java keystore:

  1. Open a Windows Command Prompt window.

  2. Change to the directory where the certificates are stored by entering the commands:

    Example: c:

    cd \BO-Certs

    Use the Java keytool utility to import a certificate. 

    keytool -import -file <certificate-filename> -alias <servername>-keystore <your_trusted_keystore.keystore-filename>

    Example: C:\BO-Certs>keytool -import -file sdkpubs01.crt -alias sdkpubs01 -keystore BOXI.keystore

    Note: When prompted to create a password for the keystore, enter a password at the prompt. The keystore utility displays the certificate information.

  1. Type yes at the Trust this certificate? [no] prompt and press Enter. The certificate is imported into the <your_trusted_keystore>.keystore keystore and the message displays:

    Example: Certificate was added to keystore.

  2. Repeat this procedure for each target server.

  3. Navigate to the folder where the adapter is installed and create a new directory named config:

    Example: <install dir>\master\services\{87c3269f-bfb8-4671-b97d-1d1333664af9}\config

  4. Create a text file named service.props if it does not already exist.

  5. Open the service.props text file and add the line:

    Example: Keystore=c:\\BO-Certs\\<your_trusted_keystore>.keystore

    Note: The use of escaped backslashes for windows directories.

    See Configuring service.props for other parameters that can be set in service.props related to polling, output, and log gathering.