3.1 Generating the required certificates and keystores for SSL communication
Create a folder under the Oracle Home where OBIEE 12c is installed, for example /ssl
Set the environment variable PATH to include the JAVA_HOME/bin directory.
WINDOWS:
set JAVA_HOME=<path to JAVA install root>
set PATH=%JAVA_HOME%/bin;%PATH%
UNIX:
export JAVA_HOME=<path to JAVA install root>
export PATH=$JAVA_HOME/bin:$PATH
Create the Java keystore: invoke the Java keytool utility to create a Java keystore, using the following syntax:
keytool -genkey -alias <alias> -keyalg RSA -sigalg SHA256withRSA -keysize <key_size> -keypass <password> -keystore <keystore_n
<store_type> -validity <days_of_validity>
For example:
> keytool -genkey -alias obiee12c -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keypass Clearpeaks123 -keystore obiee12c.j
-storetype JKS -validity 365
What is your first and last name?
  [Unknown]: obiee12c.clearpeaks.com
What is the name of your organizational unit?
  [Unknown]: admin
What is the name of your organization?
  [Unknown]: Clearpeaks
What is the name of your City or Locality?
  [Unknown]: Abu Dhabi
What is the name of your State or Province?
  [Unknown]: Abu Dhabi
Create a Certificate Signing Request (CSR). Use the following command to create a Certificate Signing Request:
keytool -certreq -v -alias <alias> -keyalg RSA -sigalg SHA256withRSA -file <filename> -keypass <password> -keystore <keystore> -storepass <password>
> keytool -certreq -v -alias obiee12c -keyalg RSA -sigalg SHA256withRSA -file root_cert_req.csr -keypass Clearpeaks123 -storepass Clearpeaks123 -keystore obiee12c.jks
Certification request stored in file root_cert_req.csr
Submit this to your CA
Submit this CSR to the signing authority; in return, the root, intermediate and server certificates will be provided.
Import the CA certificates into the Java keystore. Use the following commands to import the root, intermediate and server certificates into the Java keystore.
keytool -import -trustcacerts -alias <alias> -file <cacert_file> -keystore <keystore> -keypass <password> -storepass <password>
> keytool -import -trustcacerts -alias rootca -file rootca.pem -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123
.....................................
....................................
Trust this certificate? [no]: yes
Certificate was added to keystore.
keytool -import -trustcacerts -alias <alias> -file <cacert_file> -keystore <keystore> -keypass <password> -storepass <password>
> keytool -import -trustcacerts -alias interca -file interca.pem -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123
Certificate was added to keystore
keytool -import -alias <alias> -file <servercert_file> -keystore <keystore> -keypass <password> -storepass <password>
> keytool -import -v -alias server -file server.cer -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123
Certificate reply was installed in keystore
Use the following command to verify whether the keystore contains the certificates:
If the keystore contains a chain of certificates, use the following command:
3.2 Configuring Weblogic Admin Server, Node Manager and Managed Server for SSL
3.2.1 Configuring Weblogic Admin Server for SSL
Stop all the BI services using server script stop.sh
./stop.sh
Note: In this example, the Custom Identity Keystore and the Custom Trust Keystore are the same.
Select the 'SSL' tab and enter the relevant information based on Step 1.
'Private Key Alias': <alias_given_when_creating_key> e.g. obiee12c
'Private Key Password': <keypass_pwd> e.g. Clearpeaks123
'Confirm Private Key Password': <keypass_pwd> e.g. Clearpeaks123
Click 'Save'
3.2.2 Configure Managed Server for SSL
Update the nodemanager.properties in the <DOMAIN_HOME>/nodemanager folder with the Custom Identity Keystore and Custom Trust Keystore details:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=<Path to the Keystore>
CustomIdentityAlias=<Keystore Alias>
CustomIdentityPrivateKeyPassPhrase=<Key Passphrase>
CustomTrustKeyStoreFileName=<Path to the Keystore>
For example:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=<oracle_home>/ssl/obiee12c.jks
CustomIdentityAlias=obiee12c
CustomIdentityPrivateKeyPassPhrase=Clearpeaks123
CustomTrustKeyStoreFileName=<oracle_home>/ssl/obiee12c.jks
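An added example, not part of the original page or of Oracle's tooling: a Python check that reads a nodemanager.properties like the one above and reports settings worth fixing before the file goes into service. The function names, the /u01/oracle path in the constructed sample and the permission threshold are assumptions made for the illustration.

```python
import re

# Keys the page sets in nodemanager.properties for custom keystores.
REQUIRED = ("CustomIdentityKeyStoreFileName", "CustomIdentityAlias",
            "CustomIdentityPrivateKeyPassPhrase", "CustomTrustKeyStoreFileName")
TUTORIAL_PASSWORD = "Clearpeaks123"  # sample value published on this page
# Constructed sample: the page's example with a hypothetical Oracle Home path.
SAMPLE = """\
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=/u01/oracle/ssl/obiee12c.jks
CustomIdentityAlias=obiee12c
CustomIdentityPrivateKeyPassPhrase=Clearpeaks123
CustomTrustKeyStoreFileName=/u01/oracle/ssl/obiee12c.jks
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_nodemanager(text, file_mode=None):
    """Return findings; file_mode is os.stat(path).st_mode & 0o777 or None."""
    props, findings = parse_properties(text), []
    if props.get("KeyStores") != "CustomIdentityAndCustomTrust":
        findings.append("KeyStores is not CustomIdentityAndCustomTrust")
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key} is missing or empty")
        elif re.search(r"<[^<>]+>", value):
            findings.append(f"{key} still contains a template placeholder")
    if props.get("CustomIdentityPrivateKeyPassPhrase") == TUTORIAL_PASSWORD:
        findings.append("passphrase is the tutorial's sample password")
    ident = props.get("CustomIdentityKeyStoreFileName")
    if ident and ident == props.get("CustomTrustKeyStoreFileName"):
        # Informational: every reader of the trust store also holds the key file.
        findings.append("identity and trust keystores are the same file")
    if file_mode is not None and file_mode & 0o077:
        findings.append("properties file is accessible to group or others")
    return findings

if __name__ == "__main__":
    for finding in audit_nodemanager(SAMPLE, file_mode=0o644):
        print("WARN:", finding)
```

Clearpeaks123 is this page's sample value; keytool prompts for the key and store passwords when -keypass and -storepass are omitted, which keeps a real password out of shell history.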
Import the public certificates (root and intermediate) into the Java Standard Trust Store, /jre/lib/security
Make sure WebLogic Admin and Managed Servers are up and running
Log in to EM. Click WebLogic Domain > Security > Security Provider Configuration
Expand the Identity Store Provider
Click Configure
Click + or Add to add a new property
Select ldap.url from the list. Enter the value ldaps://:
For example: ldaps://obiee12c.clearpeaks.com:9501
Click Ok
Import the SSL certificates into adapters.jks created in the <DOMAIN_HOME>/config/fmwconfig/ovd/default/keystores folder
Login to EM
Select WebLogic domain, and cross component wiring, components
Select component type, OWSM agent
Select WebLogic domain, and cross component wiring, components
Select the row owsm-pm-connection-t3 status 'Out of Sync', and click Bind.
The HTTP(s) OWSM link is not used when using a local OWSM
Select Yes in the pop-up box
Confirm by accessing the policy via the validator: https://obiee12c.clearpeaks.com:9503/wsm-pm/validator
> ./ssl.sh report
EM Console - https://obiee12c.clearpeaks.com:9501/em
BI Presentation services: https://obiee12c.clearpeaks.com:9503/analytics