Configuring Oracle Business Intelligence to Communicate Over SSL
The components of Oracle BI are configured to communicate over SSL by setting SSL-related parameters. Table 10 provides a description of the parameters and example values used when configuring the BI components for SSL.
Table 10. SSL Parameters Used by Oracle BI Components

| Parameter | Description |
|---|---|
| Certificate File | The certificate file. For components acting as SSL servers, such as BI Server and BI Scheduler, this is the server certificate filename, for example server-cert.pem. For client components, such as BI ODBC Client Data Source, this is the client certificate filename, for example client-cert.pem. |
| Private Key File | The private key file. For server components, this is the server private key filename, for example server-key.pem. For client components, this is the client private key filename, for example client-key.pem. |
| Passphrase File or Passphrase Program | Used to obtain the passphrase needed to decrypt the private key. Specify either a file containing the passphrase or a program that outputs the passphrase. |
| CA Certificate File or CA Certificate Directory | These two parameters reference the CA certificate. The CA is used to verify the server or client certificate when Verify Peer is set to true. Set either the CA Certificate File or the CA Certificate Directory parameter. The CA Certificate File parameter specifies the name and path of the trusted CA certificate. The CA Certificate Directory contains hash versions of trusted CAs. |
| Verify Peer | When set to true, the BI component verifies that the component at the other end of the connection has a valid certificate (that is, mutual authentication). A value of false permits a connection to any peer. |
| Certificate Verification Depth | The depth of the certificate chain. A depth of one means a certificate has to be signed by one of the trusted CAs. A depth of two means the certificate was signed by a CA that was further verified by one of the CAs. |
| Trusted Peer Distinguished Names | Used to specify individual named clients (by Distinguished Name) that are allowed to connect. The DN identifies the entity that holds the private key that matches the public key of the certificate. |
| Cipher Status | A list of cipher suites that should be permitted. See the OpenSSL documentation. For example, SSL_CIPHER_LIST="EXP-DES-56-SHA"; |
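
The following Python check is an added example, not part of the Oracle guide or of Oracle BI: it audits one component's Table 10 parameters for the combinations the table warns about (Verify Peer set to false, no CA with Verify Peer set to true, weak cipher suite names). The dict layout keyed by the table's row names, the weak-token list, and the sample passphrase file, CA file and DN are assumptions of the example.

```python
# Added example: audit one component's Table 10 SSL parameters.
# Assumption: settings sit in a dict keyed by the table's row names (not an Oracle format).

# Tokens marking weak suites in OpenSSL cipher names; the list is this example's choice.
WEAK_TOKENS = {"NULL", "ANULL", "ENULL", "DES", "RC4", "RC2", "ADH", "AECDH", "MD5"}


def weak_ciphers(cipher_list):
    """Return the entries of a ':'-separated cipher list that look weak."""
    weak = []
    for name in filter(None, (c.strip() for c in cipher_list.split(":"))):
        if name[0] in "!-":  # '!' and '-' remove suites, so they add no risk
            continue
        tokens = name.lstrip("+").upper().split("-")
        if any(t in WEAK_TOKENS or t.startswith("EXP") for t in tokens):
            weak.append(name)
    return weak


def audit(params):
    """Return a list of findings for one component's SSL parameters."""
    findings = []
    verify = str(params.get("Verify Peer", "false")).lower() == "true"
    if not verify:
        findings.append("Verify Peer is false: a connection to any peer is permitted")
    else:
        if not (params.get("CA Certificate File") or params.get("CA Certificate Directory")):
            findings.append("Verify Peer is true but no CA Certificate File or Directory is set")
        if not params.get("Trusted Peer Distinguished Names"):
            findings.append("no Trusted Peer Distinguished Names: peers are not restricted by name")
    if params.get("Passphrase File") and params.get("Passphrase Program"):
        findings.append("both Passphrase File and Passphrase Program are set: specify one")
    for name in weak_ciphers(params.get("Cipher Status", "")):
        findings.append("weak cipher suite permitted: " + name)
    return findings


# Constructed sample inputs; names not in Table 10 are marked as constructed.
WEAK = {"Certificate File": "server-cert.pem", "Private Key File": "server-key.pem",
        "Verify Peer": "false", "Cipher Status": "EXP-DES-56-SHA"}
STRICT = {"Certificate File": "server-cert.pem", "Private Key File": "server-key.pem",
          "Passphrase File": "passphrase.txt", "CA Certificate File": "ca-cert.pem",  # constructed names
          "Verify Peer": "true", "Certificate Verification Depth": 1,
          "Trusted Peer Distinguished Names": "CN=bi-client,O=Example",  # constructed DN
          "Cipher Status": "ECDHE-RSA-AES256-GCM-SHA384"}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit(cfg) or "no findings")
```
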
Minimum Security and Near-Maximum Security Scenarios
Two configuration scenarios are defined:
- Minimum security scenario.
  For server components such as Oracle BI Server or Oracle BI Cluster Controller, the minimum security scenario satisfies the following conditions:
- Near-maximum security scenario.
  For server components, the near-maximum security scenario satisfies the following conditions, in addition to the settings in the minimum security scenario:
NOTE: It is highly recommended that you first configure your Oracle BI deployment for functionality and ensure that all Oracle BI components are operational and functional, including BI Publisher if you are using the Oracle BI Reporting and Publishing feature, before you enable communication of BI components to occur over SSL. Determine whether you wish to implement the minimum or maximum security scenario.
The configuration tasks are for configuring a single instance of each BI component. If you have multiple instances of a BI component in your deployment, perform the configuration for all instances of each component. Alternatively, you may configure one instance of a BI component, copy the configuration files and the certificates, keys, and stores as appropriate to the other instances, and make machine-specific changes to the configuration file if needed.
NOTE: Before performing the configuration, stop all BI services and processes. Restart services and processes after configuration is complete for the changes to take effect.