In this article I'd like to describe the process of running TIBCO JasperReports® Server over HTTPS with the help of Tomcat server.
Downloading Tomcat and JasperReports® Server
I believe you already have the JasperReports Server application, so the only step is to choose which web server to run it on. In my case I'll be using Tomcat; I think the process differs only in small steps for other servers. So, let's download Tomcat from the official website:
I'll be using version 8.5.59.
In this article I'll call the folder where you place Tomcat TOMCAT. So, once you've downloaded it, let's try to run it:
$ cd TOMCAT/bin
$ ./catalina.sh run
Depending on your computer, in 5-10 seconds you may see a welcome message on the console, and you may try to open the page
It's really that easy. Just be sure nothing else is using port 8080 on your machine, and that you don't have a firewall blocking your requests.
Deploying JasperReports Server
Now, let's deploy JasperReports Server into the Tomcat server. One of the things we need before deploying is a database server. I'd like to go with MySQL server, which is very simple. Don't worry, you don't need to configure one; you just need to put some parameters into the JasperReports Server configuration file. So, go to the JasperReports Server top folder and run the next command:
$ cp -f buildomatic/sample_conf/mysql_master.properties buildomatic/default_master.properties
Now, go to the buildomatic/ folder and open the file default_master.properties for editing. You may and should define some variables there, but the most important ones for our article are these:
appServerDir = TOMCAT
dbUsername=root
dbPassword=password
js.dbName=sample
sugarcrm.dbName=sample_sugarcrm
foodmart.dbName=sample_foodmart
Now, save the file and run the next command from the same buildomatic/ folder:
./js-ant install-normal-pro
In 2-5 minutes the command will finish, and you may try to start your deployed JasperReports Server application. Go back to the TOMCAT/bin directory and run again:
$ ./catalina.sh run
This time the startup will take much more time; once it's finished, try to open the next page:
http://localhost:8080/jasperserver-pro/login.html
(the URL may be different depending on the variables you may have changed in the default_master.properties file).
I hope you see the page. Now it's time to plug in the security!
Generating certificate
If you already have a certificate for your domain, you may skip this section. If not, I'm going to use a self-generated domain certificate, and a self-generated root certificate to sign the domain certificate. You can read on the internet what a root certificate is, why it makes sense to create one, and so on. In short: you may install the root certificate into your browser, and all domain certificates which you sign with this root cert will be valid for this browser.
Generating root certificate
To make things simpler, I created a script which generates a root certificate and asks for a password. It's attached to the page under the name createRootCert.sh. Download it, examine its content to be sure everything is fine, and run it:
$ ./createRootCert.sh
1. Generating a Private Key ...
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................................................................................................+++++
...........................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for rootCA.key:
Verifying - Enter pass phrase for rootCA.key:
2. Removing Passphrase from Key ...
Enter pass phrase for rootCA.key.org:
writing RSA key
3. Generating the Root Certificate ...
Done
$
Generating domain certificate
Let's say we want a certificate for the domain name "domain.com", just as a sample. You'll definitely want to change it to something more suitable, but let's keep this name in our article. Now, download the attached script createCertForDomain.sh and create a file domainDescription.txt with the following content:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = domain.com
DNS.2 = *.domain.com
Change the domain name in this file. Now, open the file createCertForDomain.sh, and change the domain name there as well. Now, run the script:
$ ./createCertForDomain.sh
1. Generating a Private key and a CSR (Certificate Signing Request) for domain ...
Generating a RSA private key
...................................................................+++++
......................................................................................................................................+++++
writing new private key to './certs/domain.com/privateKey.key'
-----
2. Generating a Self-Signed Certificate for domain ...
Signature ok
subject=C = UA, O = OgranizationName, OU = UserName, CN = Domain Certificate
Getting CA Private Key
Done
$
You should get something like this:
$ ls -lR certs/
certs/:
total 4
drwxrwxr-x 2 user user 4096 Nov 6 12:31 domain.com

certs/domain.com:
total 12
-rw-rw-r-- 1 user user 1302 Nov 6 12:31 certificate.crt
-rw-rw-r-- 1 user user 985 Nov 6 12:31 certificate.csr
-rw------- 1 user user 1704 Nov 6 12:31 privateKey.key
$
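The attached scripts are not reproduced on this page. The following is an added example (not the author's createRootCert.sh or createCertForDomain.sh) of one way to carry out the steps shown in the output above with openssl, and then check that certificate.crt chains to the root, lists the domain in its subjectAltName, and matches privateKey.key. The names rootCA.crt and ca.cnf, the subject fields and the function names are assumptions; it works in a temporary directory and leaves the root key unencrypted there.

```shell
#!/bin/sh
# Added example, not the article's createRootCert.sh / createCertForDomain.sh.
# Assumed names: rootCA.crt, ca.cnf, subject fields, and the function names below.
set -eu
umask 077                               # key files are created owner-only

make_root_ca() {                        # $1 = directory for rootCA.key / rootCA.crt
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl genrsa -out "$1/rootCA.key" 2048 2>/dev/null
    openssl req -x509 -new -config "$1/ca.cnf" -key "$1/rootCA.key" \
        -sha256 -days 365 -out "$1/rootCA.crt"
}

make_domain_cert() {                    # $1 = CA directory, $2 = domain name
    d="$1/certs/$2"; mkdir -p "$d"
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $2" "DNS.2 = *.$2" \
        > "$d/domainDescription.txt"    # same extensions as the article's file
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
        -keyout "$d/privateKey.key" -out "$d/certificate.csr" 2>/dev/null
    openssl x509 -req -in "$d/certificate.csr" -CA "$1/rootCA.crt" \
        -CAkey "$1/rootCA.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$d/domainDescription.txt" -out "$d/certificate.crt" 2>/dev/null
}

check_domain_cert() {                   # $1 = trusted root cert, $2 = cert dir, $3 = domain
    openssl verify -CAfile "$1" "$2/certificate.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2/certificate.crt" -noout -text | tr -d ' ' | tr ',' '\n' \
        | grep -qxF "DNS:$3" || return 2
    [ "$(openssl x509 -in "$2/certificate.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$2/privateKey.key" -pubout)" ] || return 3
}

work=$(mktemp -d)                       # scratch directory for this run
make_root_ca "$work"
make_domain_cert "$work" domain.com
check_domain_cert "$work/rootCA.crt" "$work/certs/domain.com" domain.com \
    && echo "certificate.crt chains to rootCA.crt, covers domain.com, matches privateKey.key"
```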
Installing certificates into Tomcat
To do this, create a folder TOMCAT/conf/certs and copy two files there: certificate.crt and privateKey.key. Keep privateKey.key readable only by the user that runs Tomcat. Now, open the file TOMCAT/conf/server.xml for editing and find the SSL section there. It should be disabled. You may want to insert the following section somewhere around it:
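<!-- The deprecated connector-level TLS attributes (keystoreFile, clientAuth, sslProtocol)
     are omitted: they configure a separate default SSLHostConfig, and the keystore
     they pointed to is not created in this article.
     defaultSSLHostConfigName selects this host configuration when the client's SNI
     name does not match, for example when browsing to localhost. -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
           defaultSSLHostConfigName="domain.com">
  <SSLHostConfig hostName="domain.com">
    <Certificate certificateKeyFile="TOMCAT/conf/certs/privateKey.key"
                 certificateFile="TOMCAT/conf/certs/certificate.crt"
                 type="RSA" />
  </SSLHostConfig>
</Connector>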
Save the file and run Tomcat again. Now you should be able to open the page over HTTPS (adjust the port in the URL if it differs from the one in your connector):
https://localhost:8080/jasperserver-pro/
One note: your browser will warn you that the certificate is unknown. That's true. But you may import the root certificate into your browser and this problem will be gone. Just don't pass the key file for the root certificate to anyone, or simply remove it immediately, so no one can create a fake certificate for any existing domain and attack you.