Introduction
This short guide helps you enable SSL mode in your Pentaho Administration Console. The information provided here is based on the Jetty 6.12 release, as the Pentaho Administration Console uses an embedded Jetty server. Configuring SSL can be a confusing mix of keys, certificates, protocols and formats, so it helps to have a reasonable understanding of the basics.
Certificate
In a production environment you should obtain a certificate from one of the trusted certification authorities.
But for this example we'll walk through the steps needed to create your own self-signed certificate using the keytool which comes with the Java Development Kit.
To generate your certificate enter the following command:
keytool -keystore .keystore -alias jetty -genkey -keyalg RSA
This command will prompt for information about the certificate and for passwords to protect both the keystore and the keys within it. The only mandatory response is to provide the fully qualified host name of the server at the "first and last name" prompt. For example:
keytool -keystore .keystore -alias jetty -genkey -keyalg RSA
Enter keystore password: changeit
What is your first and last name? [Unknown]: localhost
What is the name of your organizational unit? [Unknown]:
What is the name of your organization? [Unknown]:
What is the name of your City or Locality? [Unknown]:
What is the name of your State or Province? [Unknown]:
What is the two-letter country code for this unit? [Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes
Enter key password for <jetty> (RETURN if same as keystore password): changeit
Once the certificate is created, you may have to hunt down its location on disk, but typically it is a .keystore file in your home directory. Now move the .keystore file into {CONSOLE_HOME}\resource\config. This is the default location for the keystore. If you put the keystore in a different location, keep this in mind when you set the keystore path in the configuration below.
Pentaho Administration Console Configuration
Edit the console.properties file located in {CONSOLE_HOME}\resource\config:
# Pentaho Administration Console's Jetty Server Settings
console.start.port.number=8088
console.hostname=localhost
console.stop.port.number=8033

# SSL Section for Pentaho Administration Console
console.ssl.enabled=false
console.ssl.port.number=8143
keyAlias=jetty
keyPassword=changeit
keyStore=resource/config/keystore
keyStorePassword=changeit
trustStore=resource/config/keystore
trustStorePassword=changeit
wantClientAuth=false
needClientAuth=false

# Security Authentication Section for Pentaho Administration Console
console.security.enabled=true
console.security.roles.allowed=admin
console.security.roles.delimeter=,
console.security.realm.name=Pentaho
console.security.login.module.name=PropertiesFileLoginModule
console.security.auth.config.path=resource/config/login.conf
Notice that the console.ssl.enabled property is set to false. Change that value to true. By default the keystore and truststore path is resource/config and the password for both is changeit. If yours differ, edit the SSL section with the correct values. Remember that the default HTTPS port for the Pentaho Administration Console is 8143; if you want to change it, you can do so right here in the properties file.
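The following check of the SSL section is an added example, not part of the original guide or of Pentaho's code. It flags SSL left disabled, passwords left at the changeit default, and a keyStore or trustStore path that does not exist on disk, which is what happens when the file is saved as .keystore while the property names resource/config/keystore. It assumes those paths are resolved relative to CONSOLE_HOME; the function names are made up for this example.

```python
import os

DEFAULT_PASSWORD = "changeit"  # default value shown in the page's console.properties

# SSL section as listed on this page (defaults, SSL still disabled).
SAMPLE = """\
console.ssl.enabled=false
console.ssl.port.number=8143
keyAlias=jetty
keyPassword=changeit
keyStore=resource/config/keystore
keyStorePassword=changeit
trustStore=resource/config/keystore
trustStorePassword=changeit
"""

def parse_properties(text):
    """Parse simple key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ssl(props, console_home=None):
    """Return (key, problem) pairs; file checks run only if console_home is given.

    Assumption: keyStore/trustStore paths are relative to CONSOLE_HOME.
    """
    findings = []
    if props.get("console.ssl.enabled", "false").lower() != "true":
        findings.append(("console.ssl.enabled", "SSL is not enabled"))
    for key in ("keyPassword", "keyStorePassword", "trustStorePassword"):
        if props.get(key, "") in ("", DEFAULT_PASSWORD):
            findings.append((key, "empty or default password"))
    for key in ("keyStore", "trustStore"):
        path = props.get(key)
        if not path:
            findings.append((key, "not set"))
        elif console_home and not os.path.isfile(os.path.join(console_home, path)):
            findings.append((key, "file not found: " + path))
    return findings

if __name__ == "__main__":
    for key, problem in audit_ssl(parse_properties(SAMPLE)):
        print(f"{key}: {problem}")
```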
Starting Pentaho Administration Console using SSL
Now you are ready to start the Pentaho Administration Console and use SSL. Bring your server up as normal and open your web application with an https URL. For example:
https://localhost:8143
Configuring internet browser to temporarily accept the self signed certificate
If you are starting the Pentaho Administration Console for the very first time, you will see an error in your internet browser (for demonstration we are using Firefox 3.0).
Click on the link to add an exception and the current screen will refresh.

Click on the "Add Exception" button and a new dialog box will appear.

Click on "Get Certificate" and the option to view the certificate will now be available.

If you wish to view the certificate, click "View" and the certificate will be displayed.

Once everything looks OK, you can click the "Confirm Security Exception" button. If you want to permanently store the exception, leave the check box checked; otherwise uncheck it.

You are now using the Pentaho Administration Console with SSL.