In this article I'd like to describe the process of running TIBCO JasperReports® Server over HTTPS with the help of Tomcat server. Downloading Tomcat and JasperReports® ServerI believe you already have the JasperReports Server application, so the only step is to choose which Web server to run it on. For my case I'll be using Tomcat, and I think the process would slightly differs in small steps. So, let's download the Tomcat from official website: https://tomcat.apache.org/ I'll be using version 8.5.59. For this article I would name the folder where you'd place Tomcat is TOMCAT. So, once you download it, let's try to run it: $ cd TOMCAT/bin
$ ./catalina.sh run depending in your computer in 5-10 seconds you may see a welcome message on a console, and you may try to open the page http://localhost:8080/ It's really so easy. Let be sure no one is using the same port 8080 on your machine, and you don't have firewall which blocks your requests. Deploying JasperReports ServerNow, let's deploy JasperReports Server into Tomcat server. One of the things we need to do before deploy is to have database server. I'd like to go with MySQL server, which is very simple. Don't worry, you don't need to configure one, you just need to put some parameters into the JasperReports Server configuration file. So, get to the JasperReports Server top folder, and run next command: $ cp -f buildomatic/sample_conf/mysql_master.properties buildomatic/default_master.properties Now, get to buildomatic/ folder and open file default_master.properties for editing. You may and should define some variables there, but the most important for our article are next ones: Now, save the file and run next command form the same buildomatic/ folder: ./js-ant install-normal-pro In 2-5 minutes the command would finish, and you may try to start your deployed JasperReports Server application. Get back to TOMCAT/bin directory and run again: $ ./catalina.sh run This time the startup would take much more time, and once it's finished try to open next page: http://localhost:8080/jasperserver-pro/login.html (the URL may be different depending on the variables you might changed in the default_master.properties file). I hope you see the page, now it's time to plug in the security ! Generating certificateIn case you have a certificate for your domain you may skip this section. If not, I'm going to use self-generated domain certificate, and self-generated root certificate to sign domain certificate. You can read on internet what is a root certificate, why it makes sense to create it, and so on. Shortly: you may install the root certificate into your browser and all domain certificated which you sign by this root cert would be valid for this browser. Generating root certificateTo make things simplier, I created a script which generates root certificate and asks for a password. It's attached to the page by name createRootCert.sh. Download it, examine its content to be sure everything is fine, and run it: Generating domain certificateLets say we want certificate for domain name "domain.com". Just for sample. You definitely want to change it to something more available, but lets keep this name in our article. Now, download the attached script createCertForDomain.sh and create a file domainDescription.txt with next content: Change the domain name in this file. Now, open the file createCertForDomain.sh, and change the domain name there as well. Now, run the script: You should get something like this: Installing certificates into TomcatTo do this create a folder TOMCAT/conf/cert folder, and copy there two files: certificate.crt and privateKey.key. Now, open file TOMCAT/conf/server.xml for editing and find a SSL section there. It should be disabled. You may want to insert a next section somewhere around: Save the file and run the Tomcat again. Now you should be able to open page https://localhost:8080/jasperserver-pro/ One note: your browser would alarm you that the certificate is unknown. It's true. But you may import root certificate into your browser and this problem would gone. Just don't pass to anyone key file for root certificate, or simply remove it immediately so no one can create a fake certificate for any existing domain and attack you.
createrootcert.sh
createcertfordomain.sh