Showing results for 
Search instead for 
Did you mean: 

Setting up SSL in BI 4.1

Former Member
0 Kudos

Hello Colleagues,

I am trying to setup SSL in BI 4.1. In the Admin guide we have the first step as :

8.13.2 Setting up SSL when the certificate is managed by a certificate authority

When setting up SSL for server communication, follow these steps if the certificate is managed by a

certificate authority.

1. Export your desired certificate with its private key to PKCS #12 (.PFX) format. This will be used as the certificate for the certificate authority.

What does this mean? Do I need the CA certificate with its Private key?

If I have private key of the CA then I can behave as the CA itself!

Normally I generate my CSR and get it signed from the CA and then import both signed server cert + CA cert. Then SSL should work.

Thanks and Regards,


View Entire Topic
Former Member
0 Kudos

Hi Nitin,

Please follow the below steps which should help incase the application server at your side is Tomcat:

1. Execute the following from a command line to create a .keystore file:

<Installtion Directory>:\Program Files (x86)\SAP Business Objects\SAP Business Objects Enterprise XI 4.0\win64_x64\jdk\bin\keytool -genkey -alias tomcat -keyalg RSA

2. Upon executing the above command, you will be prompted for a keystore password, your full name, organizational unit, organization, city, state and country. At the end, you will be prompted for the keystore password again. This has to be the same password as the password you entered previously. Newer versions of the keytool will prompt you to hit ENTER to keep it the same.

3. Once finished, a self signed .keystore file will have been created in your user"s home directory:

For example: C:\Users\Administrator

4. Move this .keystore file from this directory to one in the Business Objects folder structure or any other folder

For example: C:\SSL

5. Browse to Tomcat's server.xml file and create a backup file:

For example: C:\Program Files (x86)\SAP BusinessObjects\Tomcat6\conf

6. Open and edit the server.xml file in wordpad.

7. Uncomment the section below and add the two commands after keystorePass & keystoreFile. This section needs to reference the new location of the .keyfile and the password you specified when creating it.

<!-- Define a SSL HTTP/1.1 Connector on port 8443

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

maxThreads="150" scheme="https" secure="true"

clientAuth="false" sslProtocol="TLS" keystorePass="password" keystoreFile="C:\SSL\.keystore"/>

8. Restart Tomcat and it should now be accessible using




Former Member
0 Kudos

Excellent Answer, It works very well

0 Kudos

i am on BO 4.2 and i am not able to make it work