Exporting Trust and Identity for Clients

You can provide the keys and certificates that Oracle BI EE clients, such as the Administration Tool and Job Manager, require to connect to SSL-enabled servers.

Assumptions:

  • You run commands from the master host.

  • You can complete this operation with the system online or offline.

Prerequisites

  • Certificates have been created using either the configuration assistant or by running the ./ssl.sh regenerate command.

  • SSL on WebLogic is enabled.

    See Configuring WebLogic SSL.

  • The system can be stopped or running.

Use the following command to export client identity and trust to 'mydir':

./ssl.sh exportclientcerts mydir

Note: The certificates and a zip file are generated.

Post Conditions

  • mydir contains the zip file clientcerts.zip.

  • mydir also contains the expanded content of the zip file for immediate use:

    • clientcert.pem

    • clientkey.pem

    • identity.jks

    • internaltrust.jks

    • internaltrust/internalca.pem

    • internaltrust/<hashed form of above>

  • Java clients such as Job Manager can successfully connect with the secure option 'verify server certificate' set, using identity.jks to define their identity and internaltrust.jks for their trust.

  • OpenSSL clients such as the Administration Tool can successfully connect with the secure option 'verify peer' set, using clientcert.pem and clientkey.pem to define their identity and internalca.pem as the trust file.
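
The post conditions above can be checked before the files are handed to client machines. The following is an added example, not part of the Oracle tooling: the function name audit_clientcerts is hypothetical, the permission check is an extra hardening step for the files that carry the client private key, and the naming pattern for the hashed CA entry is assumed to follow the OpenSSL CA directory convention.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit an 'exportclientcerts' output directory.
# Prints one line per finding; the return status is the number of problems.

audit_clientcerts() {
    dir=$1
    problems=0

    # Files the post conditions list as produced by the export.
    for f in clientcerts.zip clientcert.pem clientkey.pem identity.jks \
             internaltrust.jks internaltrust/internalca.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING or empty: $f"
            problems=$((problems + 1))
        fi
    done

    # Files holding the client private key must not be accessible to group/other.
    # clientcerts.zip is included because it packages the same key files.
    for f in clientkey.pem identity.jks clientcerts.zip; do
        [ -e "$dir/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ldL "$dir/$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "TOO PERMISSIVE: $f (group/other bits: $bits)"
            problems=$((problems + 1))
        fi
    done

    # Assumption: the "hashed form" uses OpenSSL CA directory naming,
    # <8 hex digits>.<n>, as a CApath-style lookup expects.
    found=0
    for h in "$dir"/internaltrust/*; do
        [ -e "$h" ] || continue
        case ${h##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) found=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "MISSING: hashed CA entry in internaltrust/"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Call it as audit_clientcerts mydir; a status of 0 means every listed file is present and the key-bearing files are readable only by their owner.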