Hitachi Vantara Pentaho Community Wiki
Added by Ramaiz Mansoor, last edited by Ramaiz Mansoor on Oct 09, 2008

Introduction

This short guide shows how to enable SSL in the Pentaho Administration Console. The information provided here is based on the Jetty 6.12 release, because the Pentaho Administration Console uses an embedded Jetty server. Configuring SSL can be a confusing mix of keys, certificates, protocols and formats, so it helps to have a reasonable understanding of the basics.

Certificate

In a production environment you should obtain a certificate from one of the trusted certification authorities. For this example, however, we'll walk through the steps needed to create your own self-signed certificate using the keytool utility that comes with the Java Development Kit.

To generate your certificate enter the following command:

keytool -keystore .keystore -alias jetty -genkey -keyalg RSA

This command will prompt for information about the certificate and for passwords to protect both the keystore and the keys within it. The only mandatory response is to provide the fully qualified host name of the server at the "first and last name" prompt. For example:

keytool -keystore .keystore -alias jetty -genkey -keyalg RSA
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown,
L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <jetty>
        (RETURN if same as keystore password): changeit

Once the certificate is created, you may have to hunt down its location on disk. keytool writes it to the path given with -keystore, so this is typically a .keystore file in your home directory. Now move the .keystore file into {CONSOLE_HOME}\resource\config. This is the default location for the keystore. If you put the keystore in a different location, keep this in mind when you edit the configuration below.

Pentaho Administration Console Configuration

Edit the console.properties file located in {CONSOLE_HOME}\resource\config:

console.properties
# Pentaho Administration Console's Jetty Server Settings
console.start.port.number=8088
console.hostname=localhost
console.stop.port.number=8033

# SSL Section for Pentaho Administration Console
console.ssl.enabled=false
console.ssl.port.number=8143
keyAlias=jetty
keyPassword=changeit
keyStore=resource/config/keystore
keyStorePassword=changeit
trustStore=resource/config/keystore
trustStorePassword=changeit
wantClientAuth=false
needClientAuth=false

# Security Authentication Section for Pentaho Administration Console
console.security.enabled=true
console.security.roles.allowed=admin
console.security.roles.delimeter=,
console.security.realm.name=Pentaho
console.security.login.module.name=PropertiesFileLoginModule
console.security.auth.config.path=resource/config/login.conf

Notice that the console.ssl.enabled property is set to false. Change that value to true. By default the keystore and truststore path is resource/config and the password for both is changeit. If yours are different, edit the SSL section with the correct values; in particular, keyStore and trustStore must name the keystore file as it actually exists on disk. Remember that the default HTTPS port for the Pentaho Administration Console is 8143; if you want to change it, you can do so right here in the properties file.
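A pre-start check of the SSL section described above, as an added example that is not part of the original page or of Pentaho's own code. It assumes keyStore and trustStore are resolved relative to CONSOLE_HOME; the directory layout built in demo() is constructed sample data.

```python
import os
import tempfile

DEFAULT_PASSWORD = "changeit"  # the example password used in this walkthrough
PASSWORD_KEYS = ("keyPassword", "keyStorePassword", "trustStorePassword")

def load_properties(path):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def check_console_ssl(console_home):
    """Return a list of findings for the SSL section of console.properties."""
    props = load_properties(
        os.path.join(console_home, "resource", "config", "console.properties"))
    findings = []
    if props.get("console.ssl.enabled", "false").lower() != "true":
        findings.append("console.ssl.enabled is not true")
    for key in ("keyStore", "trustStore"):
        # Assumption: relative store paths are resolved against CONSOLE_HOME.
        store = os.path.join(console_home, props.get(key, ""))
        if not os.path.isfile(store):
            findings.append(f"{key} file not found: {props.get(key, '')}")
    for key in PASSWORD_KEYS:
        if props.get(key) == DEFAULT_PASSWORD:
            findings.append(f"{key} is still the example password")
    return findings

def demo():
    """Constructed layout: keytool output copied as .keystore, defaults untouched."""
    home = tempfile.mkdtemp()
    config = os.path.join(home, "resource", "config")
    os.makedirs(config)
    open(os.path.join(config, ".keystore"), "wb").close()  # empty stand-in file
    with open(os.path.join(config, "console.properties"), "w") as fh:
        fh.write("console.ssl.enabled=false\nkeyPassword=changeit\n"
                 "keyStore=resource/config/keystore\nkeyStorePassword=changeit\n"
                 "trustStore=resource/config/keystore\ntrustStorePassword=changeit\n")
    return home, check_console_ssl(home)

if __name__ == "__main__":
    for finding in demo()[1]:
        print("FINDING:", finding)
```

The constructed layout reports a missing store file because the keystore was copied as .keystore while the properties name resource/config/keystore.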

Starting Pentaho Administration Console using SSL

Now you are ready to start the Pentaho Administration Console and use SSL. Bring your server up as normal and open your web application with an https URL. For example:

https://localhost:8143

Configuring internet browser to temporarily accept the self signed certificate

If you are starting the Pentaho Administration Console for the very first time, you will see an error page in your internet browser (for demonstration we are using Firefox 3.0).

Click the link to add an exception, and the current screen will refresh to a new screen.

Click the "Add Exception" button, and a new dialog box will open in front of you.

Click "Get Certificate", and the option to view the certificate will become available.

If you wish to view the certificate, click "View" and the certificate will be displayed.

Once everything looks OK, you can click the "Confirm Security Exception" button. If you want to store the exception permanently, leave the check box checked; otherwise uncheck it.

You are now using the Pentaho Administration Console with SSL.