Encrypting Jedox Web (HTTPS)


In a production environment, we strongly recommend using certificates signed by an official certificate authority(CA). For more details, please check http://en.wikipedia.org/wiki/Transport_Layer_Security.

Use of self-signed certificates is generally possible, but not all features are fully supported. For example, a self-signed certificate is not accepted by Android or IOS. Access from mobile apps only works when using a signed certificate from an official CA.

Creating self-signed certificates for testing purposes

Use OpenSSL to create self-signed certificates in the following manner:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.pem -out server.pem -sha256

Using signed certificates

If you are using official signed certificates, you can merge the content of all certificate components into one file.  Important: if your private key is password encrypted, this needs to be removed (see next section).

Removing private key password (only if private key is encoded with a password)

openssl rsa -in encrypted_private.key -out unencrypted_private.key

Configuring the Jedox Web Server

Necessary changes in (standard paths):
Windows:  C:\Program Files (x86)\Jedox\Jedox Suite\httpd\conf\httpd.conf:
Linux:        /opt/jedox/ps/etc/httpd/conf/httpd.conf:

1.)  Add the correct server address in following lines:

Define JDX_SERVER_DNS "www.example.com"

Define JDX_SERVER_IP "www.example.com"

2.) Remove the “#” character from the “Define SSL” and “JDX_REDIRECT_HTTP” parameter to activate SSL and the redirect from http tp https:

#Define SSL
Define SSL


3.) Copy your certificates into the httpd folder (Standard path):
Windows:  C:\Program Files (x86)\Jedox\Jedox Suite\httpd\conf\ssl\
Linux:        /opt/jedox/ps/etc/httpd/ssl/

Add the path to the certificate here:

Define JDX_SSLCERTIFICATEFILE_TMPL "<path to certificate>"

Define JDX_SSLCERTIFICATEKEYFILE_TMPL "<path to privatekey>"

Define JDX_SSLCACERTIFICATEFILE_TMPL "<path to ca bundle>"

After adjusting these settings, the Jedox HTTPD service needs to be restarted.


Next step: Encrypting Jedox In-Memory DB