In this section:
Reference: |
The Secure Sockets Layer (SSL) is a protocol for managing the confidentiality of data transmitted over the Internet. In order to configure WebFOCUS for use with SSL, a certificate must be installed for the Web server and enabled for SSL.
Some WebFOCUS components make internal calls to the Web server. Depending on the application server you use, these components may be able to make https (SSL) calls using the default certificate provided by your application server. If your application server does not provide a default certificate, or if you want to enhance performance by minimizing the number of https calls, you can configure WebFOCUS to make more efficient http calls by operating within the secure environment established when the user connected to the Web using SSL.
To configure ReportCaster to use http calls to the application server:
The Default Library URL setting on the Library tab should remain pointed to the Web server.
When you open the ReportCaster Development and Administration interface, you will be notified that an SSL certificate is being passed through to the browser. Click Yes in order to continue using the ReportCaster interface.
A certificate is your public key. A public key is a value provided by a third party (known as the Certificate Authority) as an encryption key. The public key combines with a private key (derived from the public key) to encrypt messages transmitted on the Internet.
Certificates establish trust. If you trust a Certificate Authority, then you trust all of its certificates. As shipped by Sun, the Java Development Kit (JDK) trusts Verisign and Thawte.
Other trusted authorities can be added to your JDK/JRE with the keytool utility that is shipped with the JDK/JRE.
To configure WebFOCUS for use with SSL, you must perform the following steps:
To acquire a certificate, you must create a certificate request and deliver it to a Certificate Authority, who generates the certificate. You must then install the certificate for a particular Web server.
For more information about acquiring a certificate, see https://digitalid.verisign.com/server/help/hlpEnrollServer.htm.
Note: For testing purposes, a self-signed certificate can be generated and used without using a third-party Certificate Authority.
How to: |
Note: You may skip this step if you have a trusted certificate.
You can add trusted authorities to the Java installation used by your WebFOCUS installation with the keytool utility that is shipped with the JDK/JRE. By default, the keytool utility is located in the $JAVA_HOME/bin directory. The default keystore is located in the $JAVA_HOME/jre/lib/security directory.
Note: $JAVA_HOME is a UNIX environment variable. On Windows, this is %JAVA_HOME%.
cd %JAVA_HOME%\bin
where:
Is an environment variable defined on the machine that specifies the JDK or JRE installation directory. If this environment variable is not defined on the machine, you must explicitly specify the path to the Java installation directory.
keytool -importcert -alias alias_name -trustcacerts -file certificate_filename -keystore keystore_filename
where:
Is the name of the self-signed certificate alias in the keystore.
Is the name of the certificate you will be adding to the keystore. For example, certnew.cer.
Is the name of the keystore. For example, cacerts.
In order for WebFOCUS to request an HTTPS URL, a system property must be set to register HTTPS support. Add the following to the JVM options of your Application Server or servlet container:
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
In this section: |
Note: Even if WebFOCUS and ReportCaster reside on the same machine, both the Application server and the distribution server must have JRE certificates.
The ReportCaster Development and Administration Interface uses a Java™ application to configure ReportCaster for use with SSL. To configure ReportCaster for use with SSL, perform the following steps on each individual client machine:
WebFOCUS |