Login
        Contents x
        SSL Configuration
        • 22 Jun 2022
        • 3 Minutes to read
        • Contributors
        • Print
        • Dark
          Light
        Contents

        SSL Configuration

        • Updated on 22 Jun 2022
        • 3 Minutes to read
        • Contributors
        • Print
        • Dark
          Light
        Article summary

        SSL configuration

        It is possible to configure SSL for BI part either from an official certificate or a self-signed certificate. Then you will need to configure the ZETALY web interface to use secured connections.

         

        Official certificates

        1.            In your browser, open the Configuration Manager located at http://localhost:3030. This access cannot be done remotly, please, access to this manager from the BI machine.

        2.            Toggle the Enable SSL switch to Enabled.

         

        3.            Upload or enter your SSL certificate. BI part supports two types of certificates, PFX and CERT files. Typically, these files are provided by a third party provider.

        When using SSL, the certificate must include the root certificate and any intermediate certificates.

        PFX: PFX files contain the public key file (SSL certificate file) and the associated private key file in a single file. If you select PFX, drag the PFX file into the browser or click Browse and navigate to the file. In PFX Password, enter the password you received after your PFX was generated.

         Une image contenant texte Description générée automatiquement

        CERT-Key: A .cert file is the public key, which is used to verify client authentication requests. 

        It is what is received by an HTTP client from a server in the SSL handshake. If you select CERT-KEY, two boxes are displayed CERT File and Key File. In CERT File, drag the .cert file into the browser or click Browse and navigate to the file. In Key File, drag the key file into the browser or click Browse and navigate to the file. The .key file is the private key to the certificate.

        Alternatively, if the files are not provided, and you have received a coded certificate and key, you can enter these values in the SSL Certificate and SSL Key fields.

        4.            In Port, enter the port to be used when accessing BI part. By default, this is 8081, however, if you are implementing SSL, typically the port is set to 443.

        5.            After you have finished defining these settings, in the Configuration Manager, click Save.

        6.            In your browser, open the Configuration Manager located at http://localhost:3030/base

        To access http://localhost:3030/base  (see screenshots above), click several times (at least 5 times) on the empty area at the top left. 

        Then, when the left panel is displayed, click on "Base Configuration".


        Verify the port number for client_port

         

        It must be the same value as you defined for SSL.

        Update it if is required then click on Save. 

        If you changed the port, make sure your IIS configuration matches your configuration.

        Reset IIS.



        Self-Signed Certificates

        If you are using a self-signed certificate, you may experience problems connecting to data sources. This is caused by the self-signed certificate being rejected.

        To fix this, you need to give the NODE_EXTRA_CA_CERTS environment variable a file path to a file containing your certificate.

        To prevent self-signed certificates from being automatically rejected:

        1.            On the server where BI is installed, open a file explorer and right-click on This PC (Or My Computer in older versions of Windows) and select Properties.

        2.            On the left hand side, click on Advanced system settings.

        3.            In System Properties, click on Environment Variables.

         Une image contenant texte Description générée automatiquement

        4.            In Environment Variables, under the System variables area, click New.

         Une image contenant texte Description générée automatiquement

        5.            In the New System Variable dialog box, in Variable name, enter NODE_EXTRA_CA_CERTS.

         

        6.            In Variable value, enter the address of your .ca file.

        OR

        Select Browse file and navigate to the .ca file.

        7.            Click OK.

        8.            Restart your computer. This should resolve connection problems caused by sign certificates.

        Self-Signed Certificates with modern browsers

        Modern browsers doesn’t accept self-signed certificates by default. Users may have a BI connectivity problem when accessing Zetaly Hub. 

        It can be necessary to access first to BI home page to accept the certificate (no need to login).

        SSO Login page

        Don’t forget to change the “Remote Login URL” if needed protocol (http become https) :

        1.            In your browser, open your BI instance and go to Admin tab.

        2.            Go to Single Sign On and modify “Remote Login URL”



        Finally, if you have not restart your computer yet, please do it.


        What's Next
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout