Implementing private certificates in TrueSight Smart Reporting - Platform

This topic explains how to use CA-signed certificates for TrueSight Smart Reporting - Platform.

To create a signed certificate for TrueSight Smart Reporting

1. Log in to the server where TrueSight Smart Reporting - Platformis installed.
2. Take a backup of the <TrueSight Smart Reporting Installation Directory>\TrueSightSmartReporting\appserver\conf\tsr.keystore file.

3. Locate the Java installation used by TrueSight Smart Reporting - Platform and note the path for use in the below commands. The JRE_HOME variable in the  <TrueSight Smart Reporting Installation Directory>\TrueSightSmartReporting\appserver\bin\catalina.sh *** WHERE IS THIS SET ON WINDOWS***

4. Generate a new keystore and key:

   1. Open a command prompt and navigate to a temporary location:
      (Windows) C:\Temp
      (Linux) /tmp

   2. Run the following command:
      Example:

      <JRE_HOME>\bin\keytool -genkey -alias smartreporting -keyalg RSA -keystore <keystoreFile> -storepass <keystorePassword> -dname "CN=<TSSR FQDN>" -keypass
       <keyPassword> -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks

      The alias must be smartreporting

      The keystore file name must be tsr.keystore

      The keypass and storepass must be the same

      
      (Windows)

      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -genkey -alias smartreporting -keyalg RSA -keystore C:\Temp\tsr.keystore -storepass password -dname "CN=tssr.example.com" -keypass
       password -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks

      (Linux)

      /usr/local/jre-11.0.7_10/bin/keytool -genkey -alias smartreporting -keyalg RSA -keystore /tmp/tsr.keystore -storepass <keystorePassword> -dname "CN=<TSSR FQDN>" -keypass
       <keystorePassword> -validity 3650 -keysize 4096 -sigalg SHA256withRSA -storetype jks

5. Create a request for a signed certificate:

   1. Run the following command to create a certificate signing request (CSR):
      Example:

      <JRE_HOME>\bin\keytool.exe -certreq -alias smartreporting -keystore <keystoreFile> -storepass <keystorePassword> -keypass <keyPassword> -ext san=dns:<TSSR FQDN> -file <CSRFileName>

      (Windows)

      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -certreq -alias smartreporting -keystore "C:\Temp\tsr.keystore" -storepass password -keypass password -ext san=dns:tssr.example.com file "C:\Temp\tssr.csr"

      (Linux)

      /usr/local/jre-11.0.7_10/bin/keytool -certreq -alias smartreporting -keystore /tmp/tsr.keystore -storepass password -keypass password -ext san=dns:tssr.example.com -file /tmp/tssr.csr

6. Send the CSR to the CA for signing and request the CA to return the signed certificate file in the .p7b format.  The p7b will contain the signed cert and the ca-chain certs.
7. Import the signed certificate into the keystore . 
   

   1. Run the following command to import the certificate into the keystore:
      Example

      <JRE_HOME>/bin/keytool -importcert -keystore <keystoreFile> -file <cert.p7b> -storepass <keystorePassword> -keypass <keyPassword> -alias smartreporting -storetype jks -trustcacerts

      (Windows)

      "C:\Program Files\Java\jre-11.0.7_11\bin\keytool" -importcert -keystore "C:\Temp\tsr.keystore" -file "C:\temp\tssr.p7b" -storepass password -keypass password -alias smartreporting -storetype jks -trustcacerts
      

      (Linux)

      /usr/local/jre-11.0.7_10/bin/keytool -importcert -keystore /tmp/tsr.keystore -file /tmp/tssr.p7b -storepass password -keypass password -alias smartreporting -storetype jks -trustcacerts

8. If you have used a different password for the keystore than the one currently set or used a different keystore file name, do the following to update Tomcat with these changes:

   1. Navigate to the following path, and open the server.xml file:

   2. <TSSR-P_installation_directory>/appserver/conf/server.xml

   3. In the <Connector port="9443" section, update the keystore file name and password if either has changed:
      (Windows)

      keystoreFile="${catalina.base}\conf\tsr.keystore"
      keystorePass="changeit"

      (Linux)

      keystoreFile="${catalina.base}\conf\tsr.keystore"
      keystorePass="changeit"

9. <TSR_UTILITY> _ how to use ????
10. Stop the TrueSight Smart Reporting - Platformservice.
    (Windows) sc stop SERVICENAME ??????
    (Linux) <TSSR-P_Installation_directory>/appserver/bin/shutdown.sh
11. Copy the new keystore file from the temporary location to <TSSR-P_Installation_directory>/appserver/conf/tsr.keystore
12. Start  the TrueSight Smart Reporting - Platform service.
    
    • (Windows) sc start SERVICENAME ????
    • (Linux) <TSSR-P_Installation_directory>/appserver/bin/startup.sh

To verify the connection to TrueSight Smart Reporting from the browser

You can verify that the new certificates are successfully applied on TrueSight Smart Reporting - Platform. To do this:

1. Close all browser instances.
2. Open the following URL in a new browser instance:
   https://<TrueSight Smart Reporting hostname>:<port>/tsr
3. Verify that the TrueSight Smart Reporting - Platform URL opens in the https mode and shows the connection as secure.
   
   

Back to the top