SSL is a cryptographic protocol that enables secure communication between applications across a network.
Enabling SSL communication provides several benefits, including message encryption, data integrity, and authentication. An encrypted message ensures confidentiality in that only authorized users have access to it. Data integrity ensures that a message is received intact without any tampering. Authentication guarantees that the person sending the message is who he or she claims to be.
SSL requires that the server possess a public key and a private key for session negotiation. The public key is made available through a server certificate signed by a certificate authority. The certificate also contains information that identifies the server. The private key is protected by the server.
See How SSL Works in Administering Oracle Fusion Middleware.
Using SSL in Oracle Business Intelligence
Oracle Business Intelligence components communicate with each other using TCP/IP by default. Configuring SSL between theOracle Business Intelligence components enables secured network communication.
Oracle Business Intelligence components can communicate only through one protocol at a time. It is not possible to use SSL between some components, while using simple TCP/IP communications between others. You must configure the following components to enable secure communication over SSL,:
Oracle BI Server
Oracle BI Presentation Services
Oracle BI JavaHost
Oracle BI Scheduler
Oracle BI Job Manager
Oracle BI Cluster Controller
Oracle BI Server Clients, such as Oracle BI ODBC Client
SSL is configured throughout the Oracle Business Intelligence installation from a single centralized point. Certificates are created for you and every Oracle Business Intelligence component (except Essbase) is configured to use SSL. The following default security level is configured by SSL:
SSL encryption is enabled.
Mutual SSL authentication is not enabled. Since mutual SSL authentication is not enabled, clients do not need their own private SSL keys.
The default cipher suites are used. See Manually Configuring SSL Cipher Suite.
When scaling out, the centrally managed SSL configuration is automatically propagated to any new components that are added.
If a higher level of security is required, manual configuration might be used to augment or replace the SSL central configuration. This is considerably more complex. For more information about how to configure SSL manually, contact Oracle Support.
Creating Certificates and Keys in Oracle Business Intelligence
Secure communication over SSL requires certificates signed by a certificate authority (CA). For internal communication, the SSL Everywhere feature creates both a private certificate authority and the certificates for you. The internal certificates cannot be used for the outward facing web server because user web browsers are not aware of the private certificate authority. The web server must therefore be provided with a web server certificate signed by an externally recognized certificate authority.
Scaling Out an SSL-Enabled System
To scale out a system that has internal SSL enabled, see Adding New Computers in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition, where the necessary ssl.sh bindchannelcerts call is made.