Reports Properties Information Worksheet

Implementation Guide › Implementing Enterprise Reporting › How to Set Up Reporting Service Server Components › Configure the Connection to CA Business Intelligence › Open the CA Identity Manager Management Console › Reports Properties Information Worksheet

Reports Properties Information Worksheet

Use this worksheet to gather the required information to configure the Reports Properties page in CA Identity Manager Management Console.

Information Needed	Your Value	Notes
Database Host Name		Hostname of the server where the Enterprise Management Server is installed.
Database Port		Enter the database port number.
Database Name
Database Type		Oracle or Microsoft SQL Server.
Database Username		User ID of the database user that you specified during the installation of Enterprise Management Server.
Database User Password		Password for the Database user.
Business Objects Server Name		Hostname of the server where CA Business Intelligence is installed.
Business Objects Port		The Tomcat server port number. The default port is 8080.
Business Objects Reports folder		Enter CA ControlMinder r12.6
Business Objects Web Server		Select if the CA Business Intelligence server is IIS or non-IIS.
Business Objects Secure Communication		Select Enable SSL.
Business Objects Username		User ID for the CA Business Intelligence Administrator provided during CA Business Intelligence installation.
Business Objects User Password		Password for the Administrator.

Create a CSR (SSL Certificate Signing Request)

Before you enable SSL, generate a CSR (Certificate Signing Request) on the CA Business Intelligence Reporting Server. CA ControlMinder supports only JCEKS key stores. The keytool application described in this procedure is installed with your Java development kit.

Follow these steps:

On the system hosting your CA Business Intelligence Reporting Server, open a command prompt window.

Browse to the following directory:

Program_Files\Java\your_Java_version\bin

Run the following command:
```
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore key_store_path
```
Example: keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:keystorekeystore.jks
Enter your keystore password as secret.
The certreq.csr file is created.

The file is encoded in PEM format and can be entered into the CA (Certificate Authority) website. You have generated a CSR on the CA Business Intelligence Reporting Server.

Note: Verify to include the following tags:

-----BEGIN NEW CERTIFICATE REQUEST-----

-----END NEW CERTIFICATE REQUEST-----

More information:

Obtain Certificate Signed by a CA

To obtain a certificate that is signed by a Certificate Authority, go to the CA’s website and complete the online submission form. For more information about commercial CAs, you can visit one of these web sites:

VeriSign
http://digitalid.verisign.com/server/apacheNotice.htm
Thawte
http://www.thawte.com/certs/server/request.html

Allow 5-10 working days for the CA to process your request.

Enable SSL in the Server.xml File

You configure the SSL Connector in the Tomcat server.xml file.

Follow these steps:

Locate the Tomcat server.xml file, and open it in a text editor. The server.xml file located in the following directory:

Tomcat_Home/conf/server.xml

Locate the following text:

<!--
<Connector
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true";
           clientAuth="false" sslProtocol="TLS"/>
-->

Comment out the following tags  to enable the Connector.
Locate the following text:
```
port=
```
Verify that the port number is set to 8443.
Note: Verify that the redirectPort property is also updated to port number 8443 in the server.xml file.

Add the following properties:

keystoreFile="key_store_path" keystorePass="password_of_the_key_store_file"

Save and close the file.
Restart Tomcat.
You have configured the SSL connector in the server.xml file.

To verify the changes, open a browser and enter https://localhost. A Tomcat certificate error appears.

Install the CSR

Install the certificate that you received from the CA to the same keystore that you used to generate your CSR. In this scenario, this is the CA Business Intelligence Reporting Server keystore. Install the CA-signed CSR to enable SSL.

Note: Back up your CA-signed certificate in a safe location. Backing up this file makes re-securing your server easier if your server crashes.

Follow these steps:

Copy and paste the CA-signed certificate into a text file.
Note: Verify that the file includes the following tags:
```
-----BEGIN NEW CERTIFICATE REQUEST----- 
```
```
-----END NEW CERTIFICATE REQUEST-----
```
Rename the file as rootcert.txt.
Open the command prompt, and enter the following command to import the root certificate:
```
keytool -import -alias tomcat -keystore key_store_path -trustcacerts -file rootcert.txt
```
Example: keytool -import -alias tomcat -keystore C:keystorekeystore.jks -trustcacerts -file rootcert.txt

The root certificate is installed.
Open the certreq.csr file created in create a CSR procedure.
Rename the file as mycert.txt.
In the command prompt, enter the following command to import your new certificate:
```
keytool -import -alias tomcat -keystore key_store_path -trustcacerts -file mycert.txt
```
Example: keytool -import -alias tomcat -keystore C:keystorekeystore.jks -trustcacerts -file mycert.txt

You have installed the CA-signed certificate.

More information:

Obtain Certificate Signed by a CA

Verify the SSL Connection

You can verify the SSL connection to CA Business Intelligence Report Server.

Follow these steps:

Open a web browser.
Enter the following address:
```
https://locahost:port
```
For example, if your SSL was issued to cabireportserver.com, enter https://cabireportserver.com into your browser.

The Tomcat default page appears without any certificate errors. You have successfully configured SSL connection to CA Business Intelligence.