- Open the NQSConfig.INI file for editing. Locate the following lines:
#SS=NO;
#SSL_CERTIFICATE_FILE="servercert.pem";
#SSL_PRIVATE_KEY_FILE="serverkey.pem";
#SSL_PK_PASSPHRASE_FILE="serverpwd.txt";
#SSL_PK_PASSPHRASE_PROGRAM="sitepwd.exe";
#SSL_VERIFY_PEER=NO;
#SSL_CA_CERTIFICATE_DIR="CACertDIR";
#SSL_CA_CERTIFICATE_FILE="CACertFile";
#SSL_TRUSTED_PEER_DNS="";
#SSL_CERT_VERIFICATION_DEPTH=9;
#SSL_CIPHER_LIST="";
- Uncomment the lines shown below and set the parameter values:
SSL=YES;
SSL_CERTIFICATE_FILE="<Server Certificate Filename>";
SSL_PRIVATE_KEY_FILE="<Server Private Key Filename>";
Set one of the following lines depending on whether you are using a passphrase file or a passphrase program:
#SSL_PK_PASSPHRASE_FILE="serverpwd.txt";
#SSL_PK_PASSPHRASE_PROGRAM="sitepwd.exe";
If you are using a passphrase file, uncomment and set the line:
SSL_PK_PASSPHRASE_FILE="<passphrase file>";
If you are using a passphrase program, uncomment and set the line:
SSL_PK_PASSPHRASE_PROGRAM="<passphrase-producing program>";
- Uncomment and set the following line:
SSL_VERIFY_PEER=YES;
When this parameter is set to YES, Oracle BI Server clients must provide valid certificates.
- Set one of the following lines depending on whether you are using the Certificate Authority (CA) certificate file or the hashed version of the CA certificate:
#SSL_CA_CERTIFICATE_DIR="CACertDIR";
#SSL_CA_CERTIFICATE_FILE="CACertFile";
If you are using the CA certificate file, uncomment and set the line:
#SSL_CA_CERTIFICATE_FILE="<Certificate Authority Certificate filename>";
If you are using the hashed version of the CA certificate, uncomment and set the line:
SSL_CA_CERTIFICATE_DIR="OracleBI_HOME>\ssl";
The directory specified must contain the CA certificate named by the hash value.
- Uncomment and set the following line:
SSL_TRUSTED_PEER_DNS="";
The DNS may be empty, multiple or part of one DN. It specifies the clients allowed to connect.
For example:
SSL_TRUSTED_PEER_DNS="C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=clientcertificate";
- Uncomment and set the following line:
SSL_CERT_VERIFICATION_DEPTH=<value>;
- Uncomment and set the following line:
SSL_CIPHER_LIST="";
For example: SSL_CIPHER_LIST="EXP-DES-56-SHA";
After modification, the SSL portion of the NQSConfig.INI file should be similar to:
SSL=YES;
SSL_CERTIFICATE_FILE="server-cert.pem";
SSL_PRIVATE_KEY_FILE="server-key.pem";
#SSL_PK_PASSPHRASE_FILE="serverpwd." \
# Line above commented out since passphrase program is used
SSL_PK_PASSPHRASE_PROGRAM="passphrase.exe";
SSL_VERIFY_PEER=YES;
#SSL_CA_CERTIFICATE_DIR="CACertDIR";
# Line above commented out since certificate file is used
SSL_CA_CERTIFICATE_FILE="cacert.pem";
SSL_TRUSTED_PEER_DNS="C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=clientcertificate"; SSL_CERT_VERIFICATION_DEPTH=1;
SSL_CIPHER_LIST=" EXP-DES-56-SHA";
- Copy the server certificate, private key and passphrase file or program to the directory OracleBI_HOME\server\Config or OracleBI_HOME/server/Config.
- To the location specified in Step 8, also copy the CA certificate file if you have specified the CA Certificate File parameter.
- If you have specified the CA Certificate Directory parameter, copy the hash version of the CA certificate to the directory specified.