Configure Secure Communication Between the Export Engine and Intelligence Server

HTTPS is used to secure communication between the Export Engine service and Intelligence server.

Enable HTTPS

To enable HTTPS, you need to explicitly set the following property in application.properties of the Export Engine:

Copy

## Whether to enable HTTPS support. Default: false.
server.ssl.enabled=true
## Whether the value of server.ssl.key-store-password is encrypted. Default: false
password.encrypted=true

The following properties must be correctly configured with the HTTPS certificate:

Copy

## The keystore that contains a private key and a certificate chain. If HTTPS is enabled, this is required.
server.ssl.key-store=

## The keystore type. It must be either PKCS12 or JKS. Default: PKCS12.
server.ssl.key-store-type=PKCS12

## The keystore password. This is required to decrypt and read the keystore.
server.ssl.key-store-password=

## The key alias in the keystore. If HTTPS is enabled, this is required to find the corresponding key in the keystore.
server.ssl.key-alias=

Open application.properties located in <install path>/Export. For example:
- In Linux:/opt/mstr/MicroStrategy/install/Export/
- In Windows: C:\Program Files (x86)\MicroStrategy\Export\
Add the following parameters to application.properties:
- server.ssl.enabled - Set to true to enable HTTPS.
- server.ssl.key-store - The correct path of the corresponding certificate. For example, /home/mstr/Desktop/HTTPS/xxxxx.p12. The administrator needs to pursue the right certificate to use.
- server.ssl.key-store-type - The value of this parameter (either PKCS12 or JKS) must be consistent with the certificate type. The defautl value is PKCS12.
- server.ssl.key-store-password - If the password is not encrypted, the parameter password.encrypted is set to false. If you want to encrypt the password, the parameter password.encrypted must be set to true, and a tool must be used to get the encrypted password.
  
  In Linux:
  1. Run the command ./pdfexporter.sh encrypt to generate an encrypted password.
  2. Paste the output as the value of server.ssl.key-store-password and set password.encrypted to true.
  In Windows:
  1. Run encryptor.bat to generate an encrypted password.
  2. Paste the output as the value of server.ssl.key-store-password and set password.encrypted to true.
- server.ssl.key-alias - When you set the alias of the key when generating the key, you need to fill in the alias. If you did not set it, you can comment this parameter.
Start the Export Engine service.

If the parameters are correctly configured, the Export Engine service starts normally. If the startup fails, check NewExportEngine.log to troubleshoot.

Enable HTTPS on the Intelligence server.

A new option is added to the registry under [HKEY_LOCAL_MACHINE\SOFTWARE\MicroStrategy\DSS Server\PDFExporter] or [HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432\MicroStrategy\DSS Server\PDFExporter].

Key	Default Value	Type	Description
`https`	0	`DWORD (32-bit)`	If this is set to 1, HTTPS should be used instead of HTTP to communicate with the Export Engine. As Consul can only return an IP address and a port, no protocol is returned. The IntelligencesServer should read this value to decide whether HTTPS should be used.
`host`	localhost	`String`	The Intelligence server will try connecting to the Export Engine with this host name. If it does not exist, the Intelligence Server queries the Export Engine from Consul. This value should be the same as the certificate value.
`port`	20100	`DWORD (32-bit)`	The Intelligence server will try connecting to the Export Engine with this port number. If it does not exist, the Intelligence Server queries the Export Engine from Consul.
`ssl.ca.location`		`String`	Bundle of root CA certificates that the Intelligence server passes to cURL. It’s used to identify any HTTPS endpoints, including the Export Engine.

Run a dashboard and export to PDF.

Confirm that the PDF export is successful. If export fails, check NewExportEngine.log and DSSErrors.log to troubleshoot.