Running the Portal Under SSL
- sunny.gupta
By default, Kyvos Reporting is installed to work without the use of SSL (Secure Sockets Layer).
However, Kyvos Reporting Report Server and Web Portal can communicate over a secured connection using Secure Sockets Layer. This ensures that encrypted data is passed between the report server and web portal so that data remains private and integral.
Prerequisite
At the time of installation, Kyvos Reporting by default installs tomcat web server. Given here are the instructions of configuring Tomcat to work under SSL. Before going ahead, make sure Kyvos Reporting is already installed.
Configuring SSL
This involves updating Tomcat configuration file.
Updating Tomcat Configuration File
Changes related to secure socket are made in Tomcat configuration file: server.xml.
This file has been placed at following location at the time of Installation of Kyvos Reporting:
jakartaconfserver.xml
Windows
In case of windows, Kyvos Reporting tomcat uses APR features for performance enhancements. This requires OpenSSL style configuration for HTTPS connector. Kyvos Reporting provides the Certificate file (localhost.crt) and the Key file (localhost.key) for this purpose. Please make sure these two files are present in <Kyvos Reporting Install Path>/Jakarta/conf folder.
Remove comment from the Connector element related to SSL, which looks like this:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the OpenSSL style configuration
described in the APR documentation. This connector
should be used when APR(tcnative-1.dll)is used -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="../conf/localhost.crt"
SSLCertificateKeyFile="../conf/localhost.key"
SSLPassword="Kyvos Reporting" />
-->
You may change the port too, if needed.
In case multiple connectors are required, you can specify comma-separated TLS versions under ‘sslProtocol’ (example: sslProtocol=”TLSv1,TLSv1.1,TLSv1.2″).
Note: Optionally you can generate your own certificate and key files. Please refer the following URL’s Configuration section
Apache Tomcat 8 (8.0.53) - SSL/TLS Configuration HOW-TO
Linux / Solaris
In case of Linux or Solaris, Kyvos Reporting does not use APR by default. In this case a key store file should be used to run tomcat in HTTPS mode. Kyvos Reporting provides .keystore file in <Kyvos Reporting Install Path>/Jakarta/conf folder.
Remove comment from the Connector element related to SSL, which looks like this:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration. This connector
should be used when APR(tcnative-1.dll) is not used-->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/.keystore" />
-->
You may change the port too, if needed.
Note: Optionally you can generate your own keystore file. Please refer the following URL’s Quick start section
Apache Tomcat 8 (8.0.53) - SSL/TLS Configuration HOW-TO
Accessing Kyvos Reporting running under SSL
To access Kyvos Reporting portal running under SSL, your users will specify following URL in address-bar of the browser:
https://<serverIP>:<port>/Kyvos Reporting
Example: To run Kyvos Reporting portal running under SSL (at port 8443) from the same machine, specify following URL in address-bar of the browser:
https://localhost:8443/Kyvos Reporting
Accepting the certificate
When for the first time user attempts to access Kyvos Reporting running under SSL, he / she is typically presented with a dialog containing the details of the certificate (such as the company and contact name), and asked if wished to accept the Certificate as valid and continue working.
Some browsers will provide an option for permanently accepting a given Certificate as valid. In this case, the user will not be bothered with a prompt each time he / she visit your site. On other browsers, it becomes necessary to accept the certificate during each visit to the site.
Related content
Copyright Kyvos, Inc. All rights reserved.