It's a weekend playing with Pentaho CE 5.3 Business Analytics server. Yeah..!!! it is. I love playing with Pentaho BI suite though it is a small outcome or a bigger. I can't classify this post is a bigger or smaller but I just want to share how I did this and hope this will helpful to someone, somewhere across the globe who is/are looking for the same.
- Sadakar Pochampalli
Special thanks to Madhava & Piyush Bhatt for making me to explore this.
Reference site to this article : https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
Technology :
* Pentaho BA Server CE 5.3
* Tomcat-7
* Java 1.7 (Oracle Java)
* Operating System : Windows-7 Home Premium.
* Web browsers used to test : Google Chrome & Internet Explorer
* Web browsers used to test : Google Chrome & Internet Explorer
Aim of the article :
Install SSL certificate to Pentaho BA Server
i.e., change http://localhost:8080/pentaho TO https://localhost:8443/pentaho
What is Secure Sockets Layer (SSL) ?
- It is technology which allow web browsers and web servers to communicate over a secured connection.
- This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing.
- This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
- Another important aspect of the SSL/TLS protocol is Authentication.
- This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication,"
- Although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.
Step by Step procedure :
1) Make sure java 1.7 is installed in machine & set JAVA_HOME in environment variables.
2) Also make sure Pentaho BA server is running as a test drive before installing SSL certificate.
3) There are two types of certificates we can install.
a) Self- Signed certificate ( Not trusted)
b) Certificate from a certificate authority.
4) This procedure is with Self-Signed based on self-signed certificate.
5) Navigate to the bin folder of JAVA installed from command prompt in Admin mode.
Example :
C:\Program Files\Java\jdk1.7.0_79\bin
6) To create a new
JKS
keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line:"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
Example :
C:\Program Files\Java\jdk1.7.0_79\bin>ketytool.exe -genkey -alias tomcat -keyalg RSA
7) The command will ask us enter password and few other details. The default password we can use is "changeit" or developer is flexible to give any name.
Example : changeit (Enter the password twice as it asks).
8) As shown in above command line utility finish giving all the other details & the last password could be same as first password or it could differ.
9) As soon as it re-directs to the path back, it will generate a certificate named as ".keystore" in system(computer) user location.
Example :
Location of User : C:\Users\sadakar\ (file directory)
File Name to find : .keystore
Note that .keystore is the self-signed certificate generated.
10) Now, install the above certificate to pentaho tomcat server. i.e., configure the certificate to the tomcat server.xml file.
Location of server.xml file :
E:\2_Archive_Installed\pentaho\biserver-ce-5.3.0.0-213\biserver-ce\tomcat\conf
Add below code : ( There is already a piece of code available in the file , un-comment the code and add new attributes to the tag).
The final code should look like as below.
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation ${user.home}/.keystore-->
<Connector
URIEncoding="UTF-8"
port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="200"
scheme="https"
secure="true"
keystoreFile="C:\Users\sadakar.p\.keystore"
keystorePass="changeit"
clientAuth="false"
sslProtocol="TLS" />
NOTE :
The .keystore file is hard coded - we can replace it by ${user.home}/.keystore
11) Start the pentaho BA server
(E:\2_Archive_Installed\pentaho\biserver-ce-5.3.0.0-213\biserver-ce\start-pentaho.bat)
12) Go to any web browser and type this URL : https://localhost:8433
Sample pentaho login screen with self-signed certificate installed
(Google Chrome)
14) Internet Explorer output
a)
b)
15) Sample pentaho login screen with out certificate installed
(Google Chrome)
IMP NOTE :
This is not a production related document instead a development experiment.
* JKS - Java Key Storke - A repository of security certificates.
- Sadakar Pochampalli
ReplyDeleteI would like to know how to configure the pentaho spoon (kettle) with postgresql using ssl I have the 2 certificates and the key