/
Enabling Transport Layer Security (TLS)
Document toolboxDocument toolbox

Enabling Transport Layer Security (TLS)

Owned by sunny.gupta
Last updated: Nov 22, 2024
3 min read

The Kyvos Reporting portal supports TLS communication between the Report Engine and Web Client components, which mitigates risks associated with unsecured transmission.

Administrators perform a one-time configuration to enable TLS communication for the Report Engine and the Web Client.

Note

To ensure a smooth transition, you must stop the Report Server and Web Client before enabling or disabling TLS mode.

TLS configurations for Report Engine

To enable TLS for the Report Engine, perform the following steps.

  1. Access the file ReportEngine_Default.properties located at: ../KyvosReporting <installation folder>/reportengine/config

  2. Copy the following properties:

    • SERVER_ENCRYPTED_WITH_TLS=

    • SERVER_ENCRYPTION_TLS_PROTOCOL=

    • SERVER_ENCRYPTION_KEY_STORE=

    • SERVER_ENCRYPTION_KEY_STORE_PASSWORD=

Note

The above-mentioned properties must be copied as is. The input values are detailed in point 4.

  1. Paste these properties in the file ReportEngine.properties located at: ../KyvosReporting <installation folder>/reportengine/config

Note

If the ReportEngine.properties file does not exist in the specified path, you must create one. The name and casing must be used as specified above.

  1. Enter the details as:

Property

Description

Property

Description

SERVER_ENCRYPTED_WITH_TLS

To start the server in the TLS mode, enter True.

SERVER_ENCRYPTION_TLS_PROTOCOL

To configure the version of TLS protocol, enter TLSv1.2 or TLSv1.3 as needed.

Note: Currently, the above-mentioned protocols are supported in Kyvos Reporting.

SERVER_ENCRYPTION_KEY_STORE

To configure the .p12 (PKCS12) file system path required in TLS communication, enter the link to the security certificate in the .p12 file format.

Note: This certificate must be acquired by the administrator from a third party security certification vendor.

SERVER_ENCRYPTION_KEY_STORE_PASSWORD

To configure the password of the file added in the ‘SERVER_ENCRYPTION_KEY_STORE’ property, enter the required password.

  1. Save the configurations.

Following is a TLS Report Engine configurations sample.

tlsreportengine.png

TLS configurations for Web Client

To enable TLS for Web Client, perform the following steps.

  1. Access the file ReportClient_Default.properties located at: ../KyvosReporting <installation folder>/jakarta/webapps/kyvosreporting/client/config/

  2. Copy the following properties:

    • CLIENT_ENCRYPTED_WITH_TLS=

    • CLIENT_ENCRYPTION_TLS_PROTOCOL=

    • TRUST_STORE_PATH=

  3. Paste these properties in the file ReportClient.properties located at: ../KyvosReporting <installation folder>/jakarta/webapps/kyvosreporting/client/

  1. Enter the details as:

Property

Description

Property

Description

CLIENT_ENCRYPTED_WITH_TLS

To start the client in TLS mode, enter True to enable the property.

CLIENT_ENCRYPTION_TLS_PROTOCOL

To configure the version of TLS protocol, enter TLSv1.2 or TLSv1.3 as needed.

Note: Currently, the above-mentioned protocols are supported in Kyvos Reporting.

TRUST_STORE_PATH

To configure the path of the security certificates required in TLS communication, enter the link of the security certificates in the .cer file format.

Note: The certificate(s) must be acquired by the administrator from a third-party security certification vendor.

  1. Save the configurations.

Following is a sample of the TLS Web Client configurations.

image-20240329-132056.png

 

Copyright Kyvos, Inc. All rights reserved.