In a production environment, we strongly recommend using certificates signed by an official certificate authority(CA). For more details, please check http://en.wikipedia.org/wiki/Transport_Layer_Security.
Use of self-signed certificates is generally possible, but not all features are fully supported. For example, a self-signed certificate is not accepted by Android or IOS. Access from mobile apps only works when using a signed certificate from an official CA.
Creating self-signed certificates for testing purposes
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.pem -out server.pem -sha256
Using signed certificates
If you are using official signed certificates, you can merge the content of all certificate components into one file. Important: if your private key is password encrypted, this needs to be removed (see next section).
Removing private key password (only if private key is encoded with a password)
openssl rsa -in encrypted_private.key -out unencrypted_private.key
Configuring the Jedox Web Server
Necessary changes in (standard paths):
Windows: C:\Program Files (x86)\Jedox\Jedox Suite\httpd\conf\httpd.conf:
1.) Add the correct server address in following lines:
Define JDX_SERVER_DNS "www.example.com"
Define JDX_SERVER_IP "www.example.com"
2.) Remove the “#” character from the “Define SSL” and “JDX_REDIRECT_HTTP” parameter to activate SSL and the redirect from http tp https:
3.) Copy your certificates into the httpd folder (Standard path):
Windows: C:\Program Files (x86)\Jedox\Jedox Suite\httpd\conf\ssl\
Add the path to the certificate here:
Define JDX_SSLCERTIFICATEFILE_TMPL "<path to certificate>"
Define JDX_SSLCERTIFICATEKEYFILE_TMPL "<path to privatekey>"
Define JDX_SSLCACERTIFICATEFILE_TMPL "<path to ca bundle>"
After adjusting these settings, the Jedox HTTPD service needs to be restarted.
Next step: Encrypting Jedox In-Memory DB