Applies to: Kyvos Reporting

By default, Kyvos Reporting is installed to operate without SSL. However, you can configure Kyvos Reporting Report Server and Web Portal to communicate over a secure SSL connection. This ensures that all data exchanged between the web portal and the report server is encrypted, maintaining data privacy and integrity.

Prerequisites

Kyvos Reporting installs the Tomcat web server by default. The instructions below guide you in enabling SSL on Tomcat. Ensure that Kyvos Reporting is installed before proceeding.

Step 1: Update the Tomcat Configuration File

The changes for SSL are made in the server.xml file, located at:

<Kyvos Reporting_Installation_Path>/Jakarta/conf/server.xml

For Windows (Using APR/OpenSSL)

Kyvos Reporting uses the APR connector in Windows for enhanced performance. This requires OpenSSL-style configuration.

Files required:

localhost.crt (Certificate file)
localhost.key (Key file)

These files are located in:

<Kyvos Reporting_Installation_Path>/Jakarta/conf/

To configure SSL:

Open server.xml in a text editor.
Locate the commented SSL Connector block similar to the example below:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           SSLCertificateFile="../conf/localhost.crt"
           SSLCertificateKeyFile="../conf/localhost.key"
           SSLPassword="Kyvos Reporting" />
-->

Remove the comment tags () to activate the SSL connector.
Modify the port or sslProtocol attributes if required.
- To specify multiple TLS versions:
  sslProtocol="TLSv1,TLSv1.1,TLSv1.2"

Tip

You may optionally use your own certificate and key files. Refer to Tomcat SSL Configuration – APR for details.

For Linux (Using JSSE)

Kyvos Reporting on Linux does not use APR by default. Instead, it uses a Java KeyStore (JKS).

File required:

.keystore file located at:

<Kyvos Reporting_Installation_Path>/Jakarta/conf/.keystore

To configure SSL:

Open server.xml in a text editor.
Locate the commented JSSE-based SSL Connector block:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.keystore" />
-->

Remove the comment tags to activate the connector.
You can change the port and other properties as needed.

Tip

You can generate your own .keystore file. Refer to the Quick Start guide on Tomcat SSL configuration.

Step 2: Accessing Kyvos Reporting over HTTPS

After enabling SSL, users can access the Kyvos Reporting Portal using the secure URL format:

https://<ServerIP>:<Port>/KyvosReporting

Example:

To access from the same machine using port 8443:

https://localhost:8443/KyvosReporting

Step 3: Accepting the SSL Certificate

On the first access, users may see a certificate warning depending on their browser. They must accept the certificate to proceed.

Some browsers allow users to permanently accept the certificate.
In others, users may need to accept the certificate on every visit.