
Configuring Thick Clients + BO Mobile on SSL

Former Member
0 Kudos

I have configured SSL successfully on Tomcat and SIA.

And I can log in properly through CMC and BI Launchpad as well.

Next step was to configure Thick clients to use SSL.

I executed the sslconfig.exe on the server at the following command prompt:

C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64

using the following command:

sslconfig.exe -dir C:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl

and it executed successfully and shows the proper files associated with each category:

Even after this, the thick clients like Webi Rich Client and Dashboard Design are not able to log on to the server from client machines.

I copied the same C:\SSL folder from the server to my client machine and ran this command locally but it was not successful:

===================

1. What should I do to make the thick clients log on to the server?

2. For IDT I edited the informationdesigntool.ini file and it worked fine, but what to do for Webi and Dashboard Design?

3. Will the SSL files from the server work on the client machine, or in this case do I need to generate new ones? If I have to generate new ones, then do all of them have to be generated for the client machine or only some of them, and how?

4. What should I do to be able to log on from iPad using https://<server>:8443 (which I currently cannot) after doing the SSL configuration, given that I am able to log on to CMC and Launchpad using https?

Accepted Solutions (0)

Answers (6)


Former Member
0 Kudos

Hi,

Execute the sslconfig.exe on the server (if client tools are installed on server) or on the client at the following command prompt:

C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86

As Client tools will use the 32 bit only!

using the following command:

sslconfig.exe -dir C:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl

For Mobile, open a new thread in the SAP BI Mobile community.

I think, if you are trying to connect your handheld device through proxy, it will not work.

You have to disable your proxy.

Also, make sure you are able to open https://servername:8443 using Safari first.

Regards,

Atul B

former_member195446
Participant
0 Kudos

Hi Atul,

Thank you for your prompt response.

After executing that command all thick client tools are working fine, but Web Intelligence Rich Client is not working.

Please find the attached Web Intelligence error screenshot:


bill_winters
Explorer
0 Kudos

Running the SSLCONFIG from the client's Win32_x86 directory got our clients working.  But this is a pain because developers will want to switch between dev/staging/production throughout the day and in order to do this they would need to run the config to point the app(s) at a particular environment every time they want to change.  Just because I enabled SSL on the BI backend doesn't mean that the fat clients should be required to use it.  Is there a way to not have to connect via SSL from the fat clients?

denis_konovalov
Active Contributor
0 Kudos

@Bill - this switch " -protocol" is your answer. It has option for both SSL/Non-ssl. More in Admin guide.

bill_winters
Explorer
0 Kudos

Seemed like a good idea but when I set the protocol to default or mixed (after renaming the SSL directory) the clients do not connect.  It seems that once you check the box in the SIA protocol tab to enable SSL, it is the only protocol it listens on.  Although web apps are still able to connect via HTTP.

bill_winters
Explorer
0 Kudos

So in my case I was being obtuse.  I didn't care to actually encrypt the thick client traffic, just to be able to access Tomcat via SSL for the mobile BI client to use.  So I reverted all these changes and just made the config changes to Tomcat to enable SSL.  Also, the self signed certs that are generated by these commands are only good for three months.  So I ended up getting a cert cut from our internal PKI which was also arduous but was simplified by using the YellowCat KeyTool UI.
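
The three-month lifetime mentioned in the post above is easy to miss until logons start failing, so the certificate files handed to sslconfig.exe are worth checking on a schedule. The PowerShell below is an added example, not part of the thread or of SAP's tooling; the function name and the 30-day warning window are assumptions, while C:\SSL, servercert.der and cacert.der are the names used in the thread.

```powershell
# Added example: report validity of the certificate files given to sslconfig.exe.
# Directory and file names are the ones used in the thread; Get-SslCertStatus and
# the 30-day warning window are assumptions made for this example.
function Get-SslCertStatus {
    param(
        [string]$Dir = 'C:\SSL',
        [string[]]$Files = @('servercert.der', 'cacert.der'),
        [int]$WarnDays = 30
    )
    $now = Get-Date
    foreach ($name in $Files) {
        # Same property set for every row so Format-Table shows all columns.
        $row = [ordered]@{
            File = $name; Status = 'MISSING'; DaysLeft = $null
            NotAfter = $null; SelfSigned = $null; Subject = $null
        }
        $path = Join-Path $Dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            try {
                # Reads DER or PEM encoded certificates from disk.
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
                $row.DaysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
                $row.NotAfter = $cert.NotAfter
                $row.Subject  = $cert.Subject
                # Heuristic: subject equal to issuer means no external CA signed it.
                $row.SelfSigned = ($cert.Subject -eq $cert.Issuer)
                if ($cert.NotBefore -gt $now)          { $row.Status = 'NOT_YET_VALID' }
                elseif ($row.DaysLeft -lt 0)           { $row.Status = 'EXPIRED' }
                elseif ($row.DaysLeft -le $WarnDays)   { $row.Status = 'EXPIRING' }
                else                                   { $row.Status = 'OK' }
            } catch {
                # File exists but is not a parseable certificate.
                $row.Status = 'UNREADABLE'
            }
        }
        [pscustomobject]$row
    }
}

Get-SslCertStatus | Format-Table -AutoSize
```

Run it on each machine where sslconfig.exe was pointed at a certificate directory, passing `-Dir` if the files live somewhere other than C:\SSL.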

Former Member
0 Kudos

Hi Robin, we are also getting an error trying to view Dashboard Design Objects. WebI objects are working fine in the scenario you mentioned.

Is your error same as below?

Former Member
0 Kudos

Thanks


Former Member
0 Kudos

Hi Saqib,

I am trying to achieve SSL between MoBI app on iPad and the tomcat only.

I followed the below steps:

1. Generated the keystore file using the keytool.

2. Configured the 'server.xml' file as required, mentioning the keystore path and password.

Now when I access BI launchPad using a different machine on the network, using HTTPS I get following two options :

-> Click here to close the webpage

-> Continue to this website (not recommended)

I can access the application if I click on the second option above, 'Continue to this website'. But when I try to access MoBI on iPad using HTTPS communication, it gives an error.

Is there something which is missing here ?

Best Regards

Robin

former_member195446
Participant
0 Kudos

Hi saqib,

We have the same issue. Could you please tell me how you removed SSL between Tomcat and SIA?

Thanks


Former Member
0 Kudos

Anybody anything please!!!

denis_konovalov
Active Contributor
0 Kudos

Webi Rich Client is java - have you tried adding same java properties you used in Tomcat to its registry settings ?

Have you tried opening support message with SAP ?

p.s.

Corba SSL is such an overkill, why do you need it ?

Former Member
0 Kudos

1. Yup opened a message with SAP. (message number 0000342399 2013)

2. Can you please guide as to which registry settings should be modified or added (you are talking about Webi registry settings, right?).

3. It is a government organization requiring access over internet through https. Is there a simpler way of configuring SSL settings apart from the following:

1642329  - How To: Configure Corba SSL

http://blog.davidg.com.au/2012/12/setting-up-ssl-for-tomcat-and-sia-in-6.html

Thanks for your time.

denis_konovalov
Active Contributor
0 Kudos

Saqib Masood wrote:

3. It is a government organization requiring access over internet through https. Is there a simpler way of configuring SSL settings apart from the following:

1642329  - How To: Configure Corba SSL

http://blog.davidg.com.au/2012/12/setting-up-ssl-for-tomcat-and-sia-in-6.html

To access a site over internet, you need SSL between client browser and web app server. This is different from Corba SSL you have configured. That one encrypts internal communications between all BOE services and web app server and all the clients. It has a performance hit and in most cases is overkill.

Though in government organizations it might be needed.

Former Member
0 Kudos

Hi Saqib Masood

I have the exact same requirement to access the Business Objects (Mobile, Webi, Explorer, dashboards) from external network for a government client. I configured the server.xml on the Tomcat for (https:servername:8443/BOE/BI) to work. It's working fine. Could you please let me know what further steps you have performed in detail to achieve the same?

I also configured the SSL certificates and am facing the same issue which you posted in your cmd screenshots. In the comments section below, confirmed that it's an overkill to have SSL configured within the network and you disabled it. I opened a ticket with SAP as well. I am curious to know how to get it resolved if you know the solution. Appreciate your help. Thanks in advance.

Former Member
0 Kudos

I also configured the SSL certificates and am facing the same issue which you posted in your cmd screenshots. In the comments section below, confirmed that it's an overkill to have SSL configured within the network and you disabled it. I opened a ticket with SAP as well. I am curious to know how to get it resolved if you know the solution.

We have a 3 tier environment, on the Intelligence tier we were able to successfully execute the command for the thick clients (CCM)


sslconfig.exe -dir c:\SSL -mycert servercert.der -rootcert cacert.der -mykey server.key -passphrase passphrase.txt -protocol ssl

But for the Application Tier and Processing Tier it was not working (error shown in the CMD screenshot by Saqib). After a couple of days I executed the same command on the Application Tier and, surprisingly, it worked fine. Trust me, I haven't done any changes. Weird.

On the processing tier we tried to execute but no luck, we resolved it by

Copied the Registry keys for SSL from the Application Tier and Imported into Processing Tier which resolved the issue. (HKEY_LOCAL_MACHINE/SOFTWARE/Sap BusinessObjects/Suite XI 4.0/CER)

File/Export the entire CER registry folder, copy into Processing Tier, Take a backup of entire registry keys in processing tier by exporting it to Desktop. Double click on the copied registry key from Application tier and install them; the issue was resolved.
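
The export, backup and import sequence from the post above, written as PowerShell around reg.exe. This is an added example, not part of the thread or of SAP documentation; the function name, the backup file name and the pre-import check that the .reg file only touches the CER key are assumptions of the example.

```powershell
# Added example: import a CER key export taken on a working tier, after backing
# up the local key. Run elevated on the tier being repaired.
$CerKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\SAP BusinessObjects\Suite XI 4.0\CER'  # key named in the post

function Import-CerKeyExport {    # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$RegFile,    # export copied from the working tier
        [string]$BackupDir = [Environment]::GetFolderPath('Desktop')
    )
    # 1. Refuse files that would write or delete anything outside the CER key.
    #    Section headers in a .reg file are the lines that start with '['.
    $sections = Get-Content -LiteralPath $RegFile | Where-Object { $_ -match '^\[' }
    if (-not $sections) { throw "No registry sections found in $RegFile" }
    $allowed = '^\[' + [regex]::Escape($CerKey) + '(\\|\])'
    $foreign = $sections | Where-Object { $_ -notmatch $allowed }
    if ($foreign) { throw "Unexpected keys in ${RegFile}: $($foreign -join ', ')" }

    # 2. Back up the current local key; reg.exe fails if the key does not exist,
    #    in which case nothing is imported.
    $backup = Join-Path $BackupDir ('CER-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $CerKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $CerKey failed; nothing imported" }

    # 3. Import the copied export.
    & reg.exe import $RegFile
    if ($LASTEXITCODE -ne 0) { throw "Import failed; restore with: reg import `"$backup`"" }

    [pscustomobject]@{ Imported = $RegFile; Backup = $backup }
}

# Example call (path is a placeholder):
# Import-CerKeyExport -RegFile 'C:\Temp\CER-from-app-tier.reg'
```

The exported key may hold host-specific paths from the source tier, so compare the imported values with the backup before restarting services.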

Former Member
0 Kudos

An Update:

On client machine win64_x64 is not available so sslconfig.exe was run from following location:

C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x32

Former Member
0 Kudos

Transport error: Insufficient resources.(FWM 00002)

This error I get while logging in through Dashboard Design.

DayaJha
Active Contributor
0 Kudos

Hi Saqib.

Please refer the below SNotes From SAP Market Place regarding "Transport Error in Xcelsius 2008"

1397164 - Error "Transport Error:Communicaton Failure" when Saving to or Opening from Business Objects Enterprise XI 3.1 in Xcelsius 2008

Links:

https://service.sap.com/sap/support/notes/1397164

Hope this will help you as well.

Thanks,

Daya

Former Member
0 Kudos

Nope, this did not work.