Jump to content
We've recently updated our Privacy Statement, available here ×

  • TIBCO JasperReports® Server over HTTPS based in Tomcat

    dgorbenk

    By dgorbenk

      • Product: JasperReports® Server
     Share

    In this article I'd like to describe the process of running TIBCO JasperReports® Server over HTTPS with the help of Tomcat server.

    Downloading Tomcat and JasperReports® Server

    I believe you already have the JasperReports Server application, so the only step is to choose which Web server to run it on. For my case I'll be using Tomcat, and I think the process would slightly differs in small steps. So, let's download the Tomcat from official website:

    https://tomcat.apache.org/

    I'll be using version 8.5.59.

    For this article I would name the folder where you'd place Tomcat is TOMCAT. So, once you download it, let's try to run it:

    $ cd TOMCAT/bin
$ ./catalina.sh run

    depending in your computer in 5-10 seconds you may see a welcome message on a console, and you may try to open the page

    http://localhost:8080/

    It's really so easy. Let be sure no one is using the same port 8080 on your machine, and you don't have firewall which blocks your requests.

    Deploying JasperReports Server

    Now, let's deploy JasperReports Server into Tomcat server. One of the things we need to do before deploy is to have database server. I'd like to go with MySQL server, which is very simple. Don't worry, you don't need to configure one, you just need to put some parameters into the JasperReports Server configuration file. So, get to the JasperReports Server top folder, and run next command:

    $ cp -f buildomatic/sample_conf/mysql_master.properties buildomatic/default_master.properties

    Now, get to buildomatic/ folder and open file default_master.properties for editing. You may and should define some variables there, but the most important for our article are next ones:

    appServerDir = TOMCAT
dbUsername=root
dbPassword=password
js.dbName=sample
sugarcrm.dbName=sample_sugarcrm
foodmart.dbName=sample_foodmart

    Now, save the file and run next command form the same buildomatic/ folder:

    ./js-ant install-normal-pro

    In 2-5 minutes the command would finish, and you may try to start your deployed JasperReports Server application. Get back to TOMCAT/bin directory and run again:

    $ ./catalina.sh run

    This time the startup would take much more time, and once it's finished try to open next page:

    http://localhost:8080/jasperserver-pro/login.html

    (the URL may be different depending on the variables you might changed in the default_master.properties file).

    I hope you see the page, now it's time to plug in the security !

    Generating certificate

    In case you have a certificate for your domain you may skip this section. If not, I'm going to use self-generated domain certificate, and self-generated root certificate to sign domain certificate. You can read on internet what is a root certificate, why it makes sense to create it, and so on. Shortly: you may install the root certificate into your browser and all domain certificated which you sign by this root cert would be valid for this browser.

    Generating root certificate

    To make things simplier, I created a script which generates root certificate and asks for a password. It's attached to the page by name createRootCert.sh. Download it, examine its content to be sure everything is fine, and run it:

    $ ./createRootCert.sh 
1. Generating a Private Key ...
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................................................................................................+++++
...........................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for rootCA.key:
Verifying - Enter pass phrase for rootCA.key:
2. Removing Passphrase from Key ...
Enter pass phrase for rootCA.key.org:
writing RSA key
3. Generating the Root Certificate ...
Done
$

    Generating domain certificate

    Lets say we want certificate for domain name "domain.com". Just for sample. You definitely want to change it to something more available, but lets keep this name in our article. Now, download the attached script createCertForDomain.sh and create a file domainDescription.txt with next content:

    authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = domain.com
DNS.2 = *.domain.com

    Change the domain name in this file. Now, open the file createCertForDomain.sh, and change the domain name there as well. Now, run the script:

    $ ./createCertForDomain.sh
1. Generating a Private key and a CSR (Certificate Signing Request) for domain ... 
Generating a RSA private key
...................................................................+++++
......................................................................................................................................+++++
writing new private key to './certs/domain.com/privateKey.key'
-----
2. Generating a Self-Signed Certificate for domain ... 
Signature ok
subject=C = UA, O = OgranizationName, OU = UserName, CN = Domain Certificate
Getting CA Private Key
Done
$

    You should get something like this:

    $ ls -lR certs/
certs/:
total 4
drwxrwxr-x 2 user user 4096 Nov  6 12:31 domain.com

certs/domain.com:
total 12
-rw-rw-r-- 1 user user 1302 Nov  6 12:31 certificate.crt
-rw-rw-r-- 1 user user  985 Nov  6 12:31 certificate.csr
-rw------- 1 user user 1704 Nov  6 12:31 privateKey.key
$

    Installing certificates into Tomcat

    To do this create a folder TOMCAT/conf/cert folder, and copy there two files: certificate.crt and privateKey.key. Now, open file TOMCAT/conf/server.xml for editing and find a SSL section there. It should be disabled. You may want to insert a next section somewhere around:

    <Connector
    port="443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="/home/user/.keystore"
    clientAuth="false"
    sslProtocol="TLS" >
    <SSLHostConfig hostName="domain.com">
        <Certificate
            certificateKeyFile="TOMCAT/conf/certs/privateKey.key"
            certificateFile="TOMCAT/conf/certs/certificate.crt"
            type="RSA"
        />
    </SSLHostConfig>
</Connector>

    Save the file and run the Tomcat again. Now you should be able to open page

    https://localhost:8080/jasperserver-pro/

    One note: your browser would alarm you that the certificate is unknown. It's true. But you may import root certificate into your browser and this problem would gone. Just don't pass to anyone key file for root certificate, or simply remove it immediately so no one can create a fake certificate for any existing domain and attack you.

    createrootcert.sh

    createcertfordomain.sh

     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore