Configuring SAP Business Objects internal communication to enable TLS

The Central Management Server communicates with the BI launch pad over https connection. Perform the following steps to enable this communication to be TLS compliant: 

To configure the Central Management Server and Repository 

1. To open the Central Configuration Manager (CCM), from the desktop or Start menu, navigate to Sap Business Intelligence -> SAP BusinessObjects Platform 4 -> Central Configuration Manager.
2. Stop the Tomcat web server.
3. Locate the server.xml file located in the <TrueSight Operations Management Report Engine Install directory>\SAP BusinessObjects\Tomcat6\conf directory.
4. Make a copy of this file and save it as  server.xml.bak
5. Using a text editor open the server.xml file.

6. Uncomment  the instance of the code line having the Connector port value as tcp as shown in the following code block:

   <Connector port="8443" ....

7. Add the attributes to the xml file as shown in the following code block:

   keystorePass="Password1" keystoreFile="C:\SSL\.keystore". <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystorePass="bmcAdm1n" keystoreFile="C:\SSL\.keystore" sslProtocol="SSL" sslEnabledProtocols="TLSv1.2"/>
8. Save and close the file.

9. Enable the following environment variables:

   set JAVA_HOME=C:\Java64\jdk1.8.0_60

   set PATH=%PATH%;C:\Java64\jdk1.8.0_60\bin

   set CATALINA_HOME=C:\apache-tomcat-7.0.64-64bit

   set JAVA_OPTS=-Djdk.tls.client.protocols="TLSv1.2" -Dsun.security.ssl.allowUnsafeRenegotiation=false -Dhttps.protocols="TLSv1.2"
10. Start the Tomcat web server. 

11. Open the Central Management Server, and the BI launch pad web client using the port that is used to configure the TLS. For example, in the preceding command port number 8443 is used to configure TLS, hence open the server and client as shown below:

    Https://<BO_Hostname>:8443/BOE/BI

    Https://<BO_Hostname>:8443/BOE/CMC

Where to go from here