Intellicus Enterprise Reporting and Business Insights 19.0

Running Intellicus Under SSL

0 views June 28, 2020 0

By default, Intellicus is installed to work without the use of SSL (Secure Sockets Layer).

However, Intellicus Report Server and Web Portal can communicate over a secured connection using Secure Sockets Layer. This ensures that encrypted data is passed between the report server and web portal so that data remains private and integral.

Prerequisite

At the time of installation, Intellicus by default installs tomcat web server. Given here are the instructions of configuring Tomcat to work under SSL. Before going ahead, make sure Intellicus is already installed.

Configuring SSL

This involves updating Tomcat configuration file.

Updating Tomcat Configuration File

Changes related to secure socket are made in Tomcat configuration file: server.xml.
This file has been placed at following location at the time of Installation of Intellicus:
jakartaconfserver.xml

Windows

In case of windows, Intellicus tomcat uses APR features for performance enhancements. This requires OpenSSL style configuration for HTTPS connector. Intellicus provides the Certificate file (localhost.crt) and the Key file (localhost.key) for this purpose. Please make sure these two files are present in <Intellicus Install Path>/Jakarta/conf folder.

Remove comment from the Connector element related to SSL, which looks like this:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the OpenSSL style configuration
         described in the APR documentation. This connector
		 should be used when APR(tcnative-1.dll)is used -->
    <!-- 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
			   SSLCertificateFile="../conf/localhost.crt"
				   SSLCertificateKeyFile="../conf/localhost.key"
			   SSLPassword="intellicus" />
      -->

 
You may change the port too, if needed.

In case multiple connectors are required, you can specify comma-separated TLS versions under ‘sslProtocol’ (example: sslProtocol=”TLSv1,TLSv1.1,TLSv1.2″).

Note: Optionally you can generate your own certificate and key files. Please refer the following URL’s Configuration section
http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

Linux / Solaris

In case of Linux or Solaris, Intellicus does not use APR by default. In this case a key store file should be used to run tomcat in HTTPS mode. Intellicus provides .keystore file in <Intellicus Install Path>/Jakarta/conf folder.

Remove comment from the Connector element related to SSL, which looks like this:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
                This connector uses the JSSE configuration. This connector
                should be used when APR(tcnative-1.dll) is not used-->
    <!-- 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
			   keystoreFile="conf/.keystore" />
     -->

 
You may change the port too, if needed.

Note: Optionally you can generate your own keystore file.  Please refer the following URL’s Quick start section
http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

Accessing Intellicus running under SSL

To access Intellicus portal running under SSL, your users will specify following URL in address-bar of the browser:

https://<serverIP>:<port>/intellicus

Example: To run Intellicus portal running under SSL (at port 8443) from the same machine, specify following URL in address-bar of the browser:

https://localhost:8443/intellicus

Accepting the certificate

When for the first time user attempts to access Intellicus running under SSL, he / she is typically presented with a dialog containing the details of the certificate (such as the company and contact name), and asked if wished to accept the Certificate as valid and continue working.

Some browsers will provide an option for permanently accepting a given Certificate as valid. In this case, the user will not be bothered with a prompt each time he / she visit your site. On other browsers, it becomes necessary to accept the certificate during each visit to the site.