Previous Topic: BusinessObjects XI 3.x Post-Installation StepNext Topic: Verify the Reporting Installation

Installation GuideWebSphere VersionReport Server InstallationSecure the Report Server Connection on WebSphere

Secure the Report Server Connection on WebSphere

CA IdentityMinder and Report Server communicate over a non-secure connection. You can secure the connection between Report Server and CA IdentityMinder using Secure Sockets Layer (SSL) connection.

An SSL connection ensures that the communication is encrypted when data is accessed from the Report Server. Before you configure the SSL, verify that the BO (Business Objects) Server is HTTPS enabled. To secure the connection with SSL, you can either use a self-signed certificate or use a certificate from the Certified Authority (CA).

To configure the SSL connection using the Retrieve from Port page, retrieve a signer certificate from a remote SSL port. The system connects to the specified remote SSL host and port, and receives the signer certificate during the handshake using an SSL configuration.

Follow these steps:

  1. In the WebSphere console, under Security tasks, click the SSL certificate and key management.
  2. Under Related items, click Keystores and certificates.

    A list of keystores is displayed.

  3. Click NodeDefaultTrustStore link from the list of keystores.

    General Properties page is displayed.

  4. Under Additional Properties, click Signer certificates.
  5. Click Retrieve from port button.
  6. Provide values for the following fields:
    Host

    Specifies the report server host name to which you connect when attempting to retrieve the signer certificate from the SSL port.

    Port

    Specifies the SSL port to which you connect when attempting to retrieve the signer certificate.

    Note: In a network deployment environment, specify the appropriate secure sockets layer (SSL) port number when attempting to retrieve the signer certificate from a remote SSL port.

    • Use the port number that is associated with the port name, WC_adminhost_secure, when you retrieve a signer certificate from the deployment manager.
    • Use the port number that is associated with the port name, CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS, when you retrieve a signer certificate from a node.

    Verify that all the certificates are available before they are retrieved from the deployment manager or from base servers.

    SSL configuration for outbound connection

    Specifies the SSL configuration to connect to the previously specified SSL port. The previously specified SSL port configuration is also the SSL configuration that contains the signer after retrieval. The SSL configuration does not need to have a trusted certificate for the SSL port as it is retrieved during validation and presented here.

    Alias

    Specifies the certificate alias name of the signer certificate referred in the key store that is specified in the SSL configuration.

  7. Click Retrieve Signer Information.

    The information about the signer certificate is displayed.

  8. Click Apply or Save.

    The certificate is storedin the keystore. The SSL certificate is now configured.