on 04-16-2013 9:53 AM
I have configured SSL successfully on Tomcat and SIA.
And i can login properly through CMC and BI Launchpad as well.
Next step was to configure Thick clients to use SSL.
I executed the sslconfig.exe on the server at the following command prompt:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64
using the following command:
sslconfig.exe -dir C:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl
and it executed successfully and shows the proper files associated with each category:
even after this the thick clients like webi rich client and dashboard design are not able to logon to the server from client machines.
I copied the same C:\SSL folder from the server to my client machine and ran this command locally but it was not successful:
===================
1. What should i do to make the thick clients logon to the server.
2. For IDT i edited the informationdesigntool.ini file and it worked fine but what to do for webi and dashboard design.
3. Will the SSL files from server work on the client machine or int his case i need to generate new ones. If i have to generate new ones then have all of them to be generated for the client machine or only some of them and how.
4. What should i do to be able to logon from iPad using https://<server>:8443 (which i currently cannot) after doing the SSL configuration and given that i am able to logon to cmc and launchpad using https.
Hi,
Execute the sslconfig.exe on the server ( if client tools are installed on server ) or on the client at the following command prompt:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86
As Client tools will use the 32 bit only!
using the following command:
sslconfig.exe -dir C:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl
For Mobile, open a new thread in the SAP BI Mobile community.
I think, if you are trying to connect your handheld device through proxy, it will not work.
you have to disable your proxy
Also, make sure you are able to open https://servername:8443 using safari first?
Regards,
Atul B
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Running the SSLCONFIG from the client's Win32_x86 directory got our clients working. But this is a pain because developers will want to switch between dev/staging/production throughout the day and in order to do this they would need to run the config to point the app(s) at a particular environment every time they want to change. Just because I enabled SSL on the BI backend doesn't mean that the fat clients should be required to use it. Is there a way to not have to connect via SSL from the fat clients?
Seemed like a good idea but when I set the protocol to default or mixed (after renaming the SSL directory) the client's do not connect. It seems that once you check the box in the SIA protocol tab to enable SSL, it is the only protocol it listens on. Although web apps are still able to connect via HTTP.
So in my case I was being obtuse. I didn't care to actually encrypt the thick client traffic, just to be able to access Tomcat via SSL for the mobile BI client to use. So I reverted all these changes and just made the config changes to Tomcat to enable SSL. Also, the self signed certs that are generated by these commands are only good for three months. So I ended up getting a cert cut from our internal PKI which was also arduous but was simplified by using the YellowCat KeyTool UI.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Saqib,
Have a look at the below notes, which may help with this error.
1856033 - "The JSON response contained an error" when viewing Dashboard in BI Mobile
Regards,
Siddhartha
Thanks
You comment got me thinking and i removed SSL between tomcat and SIA, as they both are on the same machine.
It worked like charm and all the clients are connecting to CMS
Thanks again.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Saqib,
I am trying to achieve SSL between MoBI app on iPad and the tomcat only.
I followed the below steps:
1. Generated the keystore file using the keytool.
2. Configured the 'server.xml' file as required, mentioning the keystore path and password.
Now when I access BI launchPad using a different machine on the network, using HTTPS I get following two options :
-> Click here to close the webpage
-> Continue to this website (not recommended)
I can access the application if I click on the second option above' Continue to this website'. But when I try to access MoBI on iPad using HTTPS communication, it gives an error.
Is there something which is missing here ?
Best Regards
Robin
Anybody anything please!!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
1. Yup opened a message with SAP. (message number 0000342399 2013)
2. Can you please guide as to which registry settings should be modified or added (you are talking about webi registry settings . right?).
3. It is a government organization requiring access over internet through https. Is there way a simpler way of configuring SSL settings apart from the following:
1642329 - How To: Configure Corba SSL
http://blog.davidg.com.au/2012/12/setting-up-ssl-for-tomcat-and-sia-in-6.html
Thanks for your time.
Saqib Masood wrote:
3. It is a government organization requiring access over internet through https. Is there way a simpler way of configuring SSL settings apart from the following:
1642329 - How To: Configure Corba SSL
http://blog.davidg.com.au/2012/12/setting-up-ssl-for-tomcat-and-sia-in-6.html
To access a site over internet, you need SSL between client browser and web app server. This is different from Corba SSL you have configured. That one encrypts internal communications between all BOE services and web app server and all the clients. Has perfomrnace hit and in most cases is overkill.
Tho in government organizations might be needed.
Hi Saqib Masood
I have the exact same requirement to access the Business objects (Mobile, webi, explorer,dashobards) from external network for a government client, i configured the server.xml on the Tomcat for (https:servername:8443/BOE/BI) to work. Its working fine. could you please let me know what further steps you have performed in detail to achieve the same.
I also configured the SSL certificates and facing the same issue which you posted on your cmd screenshots, In the comments section below, confirmed that its an overkill to have SSL configured within the network and you disabled it. I opened a ticket with SAP as well. I am curious to know how to get resolved if you know the solution. Appreciate your help. Thanks in advance.
I also configured the SSL certificates and facing the same issue which you posted on your cmd screenshots, In the comments section below, confirmed that its an overkill to have SSL configured within the network and you disabled it. I opened a ticket with SAP as well. I am curious to know how to get resolved if you know the solution.
We have a 3 tier environment, on the Intelligence tier we were able to successfully execute the command for the thick clients (CCM)
sslconfig.exe -dir c:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl
But for the Application Tier and Processing Tier it was not working, (error shown in the CMD screen shot by saqib), after couple of days executed the same command on the Applcation Tier, suprisingly it worked fine. Trust me i haven't done any changes. Wierd.
On the processing tier we tried to execute but no luck, we resolved it by
Copied the Registry keys for SSL from the Application Tier and Imported into Processing Tier which resolved the issue. (HKEY_LOCAL_MACHINE/SOFTWARE/Sap BusinessObjects/Suite XI 4.0/CER)
File/Export the entire CER registry folder, copy into Processing Tier, Take a backup of entire registry keys in processing tier by exporting it to Desktop. Double click on the copied registry key from Application tier and install them; the issue was resolved.
An Update:
On client machine win64_x64 is not available so sslconfig.exe was run from following location:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x32
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Transport error: Insufficient resources.(FWM 00002)
This error i get while logging in through Dashboard Design.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Saqib.
Please refer the below SNotes From SAP Market Place regarding "Transport Error in Xcelsius 2008"
1397164 - Error "Transport Error:Communicaton Failure" when Saving to or Opening from Business Objects Enterprise XI 3.1 in Xcelsius 2008
Links:
https://service.sap.com/sap/support/notes/1397164
Hope this will help you as well.
Thanks,
Daya
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.