Increase Security in Pentaho+ by SSL self signed configuration

tenthplanet_blog_pentaho_Increase-Security-in-Pentaho-by-SSL-self-signed-configuration

Configuration SSL(https) in Pentaho+ User Console and Server

Generate SSL Keystore using OpenSSL

1. Open a terminal or command prompt, enter your working directory:

cd $PENTAHO_HOME/server/pentaho-server/

2. Run the keytool command to generate a self-signed certificate. You may also obtain a signed certificate from a certificate authority if you wish. Ensure that the certificate uses a hash algorithm supported by your IdP (most likely SHA1 or SHA256).

$ keytool -genkey -alias tomcat -keystore tomcat.keystore.jks -storepass changeit -keyalg RSA –keypass changeit

Notes:

  • (a). When prompted, fill out any information relevant to your organization
  • (b). Use a password other than “changeit” for –storepass and –keypass arguments
  • (c). The keystore password (-storepass) and key password (-keypass) do not need to be the same

3. Configure SSL certificate in tomcat

Use a text editor to open the Pentaho+ Tomcat /tomcat/conf/server.xml file.

Locate the connector you want the new Keystore to secure i.e.

Configure SSL Certificate in Pentaho+ Server

1. Change to the home directory of the user account that starts the Pentaho Server and User Console processes or services. If you installed the default settings for Pentaho+, this directory will be $PENTAHO_HOME/

2. Execute the following command, changing the storepass (password in the example) and keypass (password in the example) accordingly

$ keytool -export -alias tomcat -file tomcat.cer -storepass changeit -keypass changeit -keystore $PENTAHO_HOME/tomcat.keystore.jks

3. Change to the

$PENTAHO_JAVA_HOME/jre/lib/security/ directory
$ cd $PENTAHO_JAVA_HOME/jre/lib/security/

4. Execute the following command, changing the alias (servercert in the example), the file path to the certificate (the current user’s home directory in the example), and the storepass (password in the example) accordingly

$ keytool -import -alias tomcat -file $PENTAHO_HOME/tomcat.cer -keystore cacerts -storepass changeit

5. Execute the following command and make note of the MD5 sum for the Tomcat entry:

$ keytool -list -keystore cacerts

6. Change back to the home directory of the user account that starts the Pentaho+ Server and User Console, and run this command

keytool -list -keystore keystore.jks

7. Restart the server and then try to connect with SSL URL i.e.

https://localhost:port/pentaho