Welcome to Knowage Q&A, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

cockpit dataset error chart datasource installer datasets installation widget parameters business-model olap knowage knowage_7_1 integration login knowage_7_1-ce report-designer cross-navigation analyticaldriver

How can I enable SSL or HTTPS for the knowage service? It runs on http/8080 by default.

0 votes
1 view
Can someone please guide me how to enable HTTPS on the default HTTP/8080 based knowage application? I need to enable encryption of data and not run on HTTP plain text
Environment linux
in Standard by (590 points)

4 Answers

0 votes
Hi,

  if you're using a Tomcat installation you have to modify the file server.xml to change the port referenceses and the urls about Knowage (service_url and host_url).

Also, if you want using CAS you have to active  its filter configuration on  all web.xml files under each webapp of your server.
by (4.4k points)
0 votes

You would do the following:

  • Generate a self-signed SSL certificate or obtain one from a know Certificate Authority (e.g. DigiCert)
  • Depending upon how you wish to run the HTTPS connector, you would either create a separate server certificate and key file, or (as I did) put the server certificate and key into a Java keystore.
  • Put an entry into the server.xml file similar to the following:

    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               keyAlias="default"
               keystoreFile="/etc/ssl/keystore.jks"
               keystorePass="camunda1!"
               truststoreFile="/etc/ssl/keystore.jks"
               truststorePass="kspass1"/>

The "keyAlias" must match the value you used when you imported the server certificate/key into the Java keystore.

Configuration of the SSL certs, keys, and keystore is not easy.

by (430 points)
Hello,

I tried this method but I have a problem : the application is working under https but the documents are blank, i mean my cocpits is not showing is there a solution.
by (380 points)
+1 vote

Late answer: you could also use a reverse proxy as we did, that saves you from working with a Java Key Storage which we found rather ... tedious (especially when using something like Let's Encrypt).

We just wrote a somewhat detailed guide on how to do that after we found a minor issue with it. Shameless self-promotion: https://www.knowage-suite.com/qa/2587/https-reverse-proxy-with-apache . Hope it helps!smiley

by (770 points)
0 votes

Thank you for sharing explicit information. Having an HTTPS website prevents phishing and attack. I'd love to share my thoughts with users on SSL Types and Brands and how useful it is for a website. Also, read What is SSL Stripping? How to prevent MITM ATTACK?

by (200 points)
Powered by Question2Answer
...