    This documentation is an older version of the JasperReports Server Security Guide.

    The import and export functionality can be used to share export catalogs between servers that have different keys, for example an old server with custom keys. If you wish to share catalogs between two servers that are both on release 7.8, you can add the keys directly to the server's keystore.

    For example, if you have a test server for developing reports and dashboards, and a production server where users need them, you can transfer them by exporting from one and importing into the other. To do so, both servers need the same import-export key, but after installation, each will have a different, random key. The recommended solution is to generate the new key in a new keystore file, and then import it to both servers.

    The following procedure assumes you are familiar with the command-line keytool utility. For more information, see the Java keytool reference.

    To create and import a custom key to multiple servers (release 7.5):

    1. Generate your custom keys in a keystore. In this example, we generate two keys that will be used to overwrite the default import-export key and the diagnostic key.

    Use the keytool utility again to verify your new keys:

    2. Copy the keystore file to both servers using a secure method such as scp, sftp, or rsync.
    3. Log into the first server (bi-test) as the system user who installed JasperReports Server (jrsusr) and stop the app server. Then import the keys with the following commands:
    4. Log into the second server (bi-production) as the system user who installed JasperReports Server (jrsusr) and stop the app server. Then import the keys with the same commands as above.
    5. Restart both app servers, and now they will use your custom keys.
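
Steps 1 and 2 of the procedure, sketched as an added example that is not taken from the JasperReports documentation: it generates the two keys under the aliases named on this page, checks that both are present, and prints a digest to compare after the copy. The JCEKS store type, AES-128 keys, the STORE_PW and KEY_PW variable names and the script name are assumptions; the product-specific import commands of steps 3 and 4 are not shown.

```shell
#!/usr/bin/env bash
# Added example, not from the JasperReports documentation.
# Assumed: JCEKS store type, AES-128 keys, passwords supplied through the
# STORE_PW and KEY_PW environment variables (hypothetical names).

# Aliases named on the page; reusing them is what overwrites the defaults.
ALIASES="importExportEncSecret diagnosticDataEncSecret"

# create_keystore FILE: generate one AES secret key per alias (step 1).
create_keystore() {
  local ks="$1" alias
  for alias in $ALIASES; do
    # The :env modifier makes keytool read the password from the named
    # variable, so it is not passed as a command-line argument.
    keytool -genseckey -keystore "$ks" -storetype jceks \
      -storepass:env STORE_PW -keypass:env KEY_PW \
      -keyalg AES -keysize 128 -alias "$alias" || return 1
  done
  chmod 600 "$ks"   # the file holds the same keys as production
}

# verify_keystore FILE: succeed only if every alias is a secret-key entry.
verify_keystore() {
  local ks="$1" alias out
  for alias in $ALIASES; do
    out=$(keytool -list -keystore "$ks" -storetype jceks \
      -storepass:env STORE_PW -alias "$alias" 2>/dev/null) || return 1
    printf '%s\n' "$out" | grep -q 'SecretKeyEntry' || return 1
  done
}

# keystore_digest FILE: SHA-256 to compare on each server after the copy (step 2).
keystore_digest() {
  sha256sum "$1" | cut -d' ' -f1
}

# With STORE_PW and KEY_PW exported, run as: ./make-keys.sh ./mystore
# (make-keys.sh is a hypothetical name for this script)
if [ -n "${1:-}" ]; then
  create_keystore "$1" && verify_keystore "$1" && keystore_digest "$1"
fi
```

Comparing the printed digest with the output of sha256sum on each server confirms that both received the same keystore file.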

    In this example, the two custom keys were given the same alias as keys that are created by default in the server's own keystore (/users/jrsuser/.jrsks). As a result, the custom keys will overwrite the server's default keys and be used in any operation where the default keys are used. This will have the following consequences:

    • Export catalogs can be shared between the two servers. Any passwords in the export catalog will be encrypted with the new importExportEncSecret on one server and decrypted with the same key on the other server. Export catalogs can be moved from the test server to the production server for deployment and vice versa for debugging, without exchanging keys or even specifying key aliases.
    • Log collectors will be encrypted with a known key. For security, the diagnostic information in the log collector is encrypted with the diagnosticDataEncSecret key. Now when you download the log collector zip file, you just need a copy of the mystore keystore file with your new diagnosticDataEncSecret key to decrypt it.


    The keystore you created in this procedure contains the same keys as your production server, and could thus be used to access sensitive data. Be sure to delete the copies of the keystore you no longer need, and safeguard the passwords you used in these commands.
