The server supports encryption of passwords in configuration files, as well as SSL encryption for the TCP/HTTP Listener and encryption of data passed between a hub server and a remote server or cluster server.
You can select an encryption algorithm for passwords stored in configuration files.
The Encryption and Decryption page opens.
You can configure the Reporting Server to employ user-defined password encryption and decryption programs.
User-defined encryption and decryption are available from the Settings option on the Web Console Access Control navigation tree. Right-click Access Control (the top level of the tree) to open the Access Control - Settings page. Set the parameter cfgfile_cipher to user defined program, which enables you to specify your password encryption and decryption programs by entering them in the cfgfile_cipher_encrypt and cfgfile_cipher_decrypt text boxes.
Note: If you choose to use password encryption outside the server, only the path to the decryption program needs to be specified.
In cases where a password is encrypted outside of the server, the encrypted password string (or label) must be used instead of the password in server and adapter configurations. When user-defined program is chosen, all passwords for registered users in the admin.cfg file, all adapter connections in the edasprof.prf file (or user, group and role profiles), passphrases in the odin.cfg file, and pooled user passwords need to be encrypted using the same encryption program. They will be decrypted using the same decryption program. Remote Server connections in the odin.cfg file do not support the user-defined encryption option. If user-defined encryption is chosen, the Cluster Manager Feature should not be enabled.
The Access Control Settings page opens.
Two additional parameters are displayed.
When the server io_encryption setting is ON, binary, alpha, and delimited HOLD files in edatemp and foccache are encrypted. Data agent trace files (tsxxx.trc) and agent output files (tsxxx.tro) are also encrypted as a result of this setting. After encryption, the extensions for these files are .trce and .troe, respectively. This prevents the user from opening these files in editors outside of the Web Console or Data Management Console. Trace files and agent output files can be viewed from the Web Console Workspace page under Traces And Logs.
To turn on the io_encryption setting, do the following:
The Encryption and Decryption page opens.
The default encryption algorithm is DES. You can change the type of encryption using the cfgfile_cipher setting available on the same page.
This setting will be added in the edaserve.cfg configuration file.
You can enable SSL for the TCP/HTTP Listener to encrypt all traffic between the server and any client application, such as the WebFOCUS Client, a remote server, or a cluster server.
The Listener Configuration page opens.
Additional fields needed for SSL configuration appear.
Note that OpenSSL libraries libeay32.dll and ssleay32.dll must be in the path to enable SSL.
Contains the certificate chain in order, starting with the certificate for the listener and ending with the root CA certificate. Each of these entries must be in PEM format.
Note that the administrator at the installation site must acquire valid security certificates (self-signed or commercial).
Defines the file that contains the private key of the listener. It must correspond to the public key embedded in the certificate and must be in PEM format.
If the file defined in SSL_PRIVATE_KEY is encrypted, a passphrase must be provided here to decrypt the private key.
Defines the name of a file containing a trusted CA certificate in PEM format. It is used to verify the client certificate. If the client fails to send a certificate or verification fails, connections are rejected. More than one CA certificate may be present in the file.
You can enable encryption of data passed between the server and a remote server or cluster server.
The Remote Server Configuration page opens.
The following encryption ciphers are available:
The following encryption modes are available:
The following RSA key lengths are available:
You can set the HTMLENCODE parameter to control whether HTML tags in data are encoded as plain text or HTML tags. The value ON encodes the tags as plain text so that the browser does not consider them to contain executable code. This prevents an attack on the server in which executable code is inserted into data. You can set the value of HTMLENCODE to ON on the server Miscellaneous Settings page, available from the Workspace tab of the Web Console. Doing so places this setting in edasprof and enforces it server-wide.