Encrypting a Standalone Installation

If all Jedox services are running on the same server, the following configuration can be used.

Jedox Web

In Jedox Web, you have to adjust the httpd.conf.

in Windows: <Install_path>\Jedox Suite\httpd\conf\httpd.conf
in Linux: <Install_path>/etc/httpd/conf/httpd.conf

Change the standard parameters from:
Define JDX_SERVER_DNS "127.0.0.1"
Define JDX_SERVER_IP "127.0.0.1"
to:
Define JDX_SERVER_DNS "www.example.com"
Define JDX_SERVER_IP "www.example.com"

To activate the SSL module change:
#Define SSL
#Define JDX_REDIRECT_HTTP
to:
Define SSL
Define JDX_REDIRECT_HTTP

Add the correct path to the certificates in following lines:
Define JDX_SSLCERTIFICATEFILE_TMPL "<path to certificate>"
Define JDX_SSLCERTIFICATEKEYFILE_TMPL "<path to privatekey>"
Define JDX_SSLCACERTIFICATEFILE_TMPL "<path to ca bundle>"=

Jedox In-Memory DB

If "encryption optional" is used, unencrypted connections are also possible. For complete security, "encryption required" should be used.

Adjust the palo.ini as follows:

in Windows: <Install_path>\Jedox Suite\olap\data\palo.ini
in Linux: <Install_path>/Data/palo.ini

http "" 7777
....
admin "127.0.0.1" 7790
encryption required
https 7778
key-files <path to ca bundle> <path to cert + privkey> <path to diffie hellman param file>

  1. Parameter is the ca bundle, which contains root certificate and intermediate certificates.
  2. Parameter is a certificate file combined with the private key.
  3. Parameter is diffie hellman param file, which can be generated.

Important: the port used for the "admin" connection is used for all other internal settings.

Core

Change the port in

Windows: <Install_path>\Jedox\Jedox Suite\httpd\app\etc\config.php
Linux: <Install_path>/httpd/app/etc/config.php

Define('CFG_PALO_PORT', '7777');

to:

Define('CFG_PALO_PORT', '7790');

Windows: <Install_path>\Jedox\Jedox Suite\core\palo_config.xml

Linux: core-Linux-x86_64/etc/palo_config.xml

<host>127.0.0.1</host>

<port>7777</port>

to

<port>7790</port>

After that save the changes and restart the service/processes.

SVS

Change the port in

Windows: <Install_path>\Jedox Suite\svs\php.ini

Linux: <Install_path>/svs-Linux-x86_64/php.ini

from:

palo_server_port=7777

to:

palo_server_port=7790

Communication in Jedox Web

Adjust the OLAP connections in Jedox Web Administration to use the internal interface 127.0.0.1 and port 7790.

Excel Client Configuration

In Excel, the complete certificate chain is necessary to get access to the server. Make a copy of the complete certificate chain (root certificate, root CAs, and intermediate CAs) and name it client.pem. Then move the file to <Install_path>\xladdin\cert\

When creating a connection, use the correct server address that matches the CN used in the server certificate. If a wildcard certificate is used (such as *.jedox.local), the intermediate certificates must be added to the client.pem in addition to the root certificate. Root and intermediate certificates can be found in the ca_bundle.pem, as described in and Encrypting a Standalone Installation.

Note: Direct connection via TLS (port 7778) to OLAP is now supported:

  • On legacy cloud systems: it is possible to set an HTTPS address, and an HTTPS port for OLAP in Excel connections. The connection then should be made only on the HTTPS interface.
  • On Cloud AKS environments: the connection works the same as before.

To read about encrypting internal Jedox In-Memory connections, look at the Encrypting Jedox In-Memory DB article.

Updated September 27, 2022