KB325485: How to configure TLS/SSL between the MicroStrategy Web Server and MicroStrategy Intelligence Server

Quality Engineer • MicroStrategy

Pre-requisites:

SSL must already be configured on the Strategy Intelligence Server.
Strategy Developer must successfully connect to the Intelligence Server via the SSL port.
Strategy Web must be connected to the Strategy Intelligence Server via the name configured in the certificate.
Access to a machine with the keytool utility.

Action

Configuring SSL for Strategy Web involves two simple steps, and one conditional step if using an internal Certificate Authority for the Strategy Intelligence Server certificate.

This tech note covers the following areas:

Setting Default Properties in the Strategy Web Server to the correct port.
Setting Intelligence Server properties for the Web Administration page.
Setting Strategy Web to use SSL encryption between Strategy Web and the Strategy Intelligence Server.
Creating a custom trust store and configuring the Strategy.xml [Only required if using an internal Certificate Authority].

Setting Default Properties.
a) Navigate to the Strategy Web Administration page and go to Default Properties.
b) Set the default port value to the SSL port for the Strategy Intelligence Server, as shown below:

The default SSL port is 39321.

Setting Intelligence Server properties.
If the Intelligence Server has already been added to the Web Administration page, the port has to be modified as follows:
a) Navigate to the Strategy Web Administration page, go to Servers, and disconnect the Intelligence Server.
b) Select Modify in the properties column:

c) Update the port to the SSL/TLS port (39321) and save:

Setting Strategy Web to use SSL.
a) In the Strategy Web Administrator page, navigate to Security on the left navigation panel.
b) At the top, set the encryption level from "No encryption" to SSL, as shown below:

Creating a custom trust store.
If using an internal Certificate Authority, it is necessary to create a custom truststore, insert the root Certificate Authority certificate into the truststore, and configure the Strategy.xml file in Strategy Web to point to the truststore.
a) Create a truststore and insert the root CA certificate with the following keytool command:
```
keytool -import -file rootCA.crt -alias rootCA -keystore myTrustStore.jks
```
Note: The root CA may not be in a .crt format. Depending on the format, conversion may be required. Communicate with the internal resource that supplied the certificate for conversion.

b) Copy
```
myTrustStore.jks
```
to the Web Server machine under
```
<Strategy Web Home>/WEB-INF.
```
c) Modify the entries noted below in the
```
Strategy.xml
```
file located at
```
<Strategy Web Home>/WEB-INF 
```
```
<parameter name="sslTruststore" value="/WEB-INF/myTrustStore.jks" />

<parameter name="sslTruststorePwd" value="changeit" />
```
Note: The default password for a keystore created truststore is "
```
changeit
```
."

Comment

0 comments

Details

Knowledge Article

Published:

June 12, 2017

Last Updated:

February 26, 2024

Action

Setting Default Properties in the Strategy Web Server to the correct port.

Setting Intelligence Server properties for the Web Administration page.

Setting Strategy Web to use SSL encryption between Strategy Web and the Strategy Intelligence Server.

Creating a custom trust store and configuring the Strategy.xml [Only required if using an internal Certificate Authority].

Setting Default Properties.
a) Navigate to the Strategy Web Administration page and go to Default Properties.
b) Set the default port value to the SSL port for the Strategy Intelligence Server, as shown below: