Oracle® Business Intelligence Enterprise Edition Deployment Guide > Enabling Secure Communication in Oracle Business Intelligence > Configuring Oracle Business Intelligence to Communicate Over SSL >
Configuring Oracle BI Server Client
The following section contains information about configuring the Oracle BI Server client for minimum or near-maximum security deployment. Configuring Oracle BI Server Client on Windows in Minimum Scenario
Use this procedure to configure Oracle BI Server Client (BI ODBC Data Source) to communicate over SSL in a minimum security deployment. It is assumed that neither the Oracle BI Cluster Controller nor the Oracle BI servers have been set to require peer verification. To configure Oracle BI Server client on Windows in minimum scenarios
- On the Windows machine where the Oracle BI Server Client has been installed, open the ODBC Data Source Administrator.
- Navigate to the System DSN tab and the select Oracle Analytics Server DSN (by default called AnalyticsWeb). Click the Configure button to open the Oracle Analytics Server Configuration window.
- Check the Use SSL check box that appears on the configuration window.
Configuring Oracle BI Server Client on Windows in Near-Maximum Security Scenario
Use this procedure to configure Oracle BI Server Client (BI ODBC Data Source) to communicate over SSL in a maximum security deployment. To configure Oracle BI Server client on Windows in near-maximum security scenarios
- On the Windows machine where the Oracle BI Server Client has been installed, open the ODBC Data Source Administrator.
- Navigate to the System DSN tab and the select Oracle Analytics Server DSN (by default called AnalyticsWeb). Click the Configure button to open the Oracle Analytics Server Configuration window.
- Check the Use SSL check box that appears on the configuration window.
- Click the Configure SSL button to open the Secure Socket Layer Configuration dialog box.
- In the Secure Socket Layer Configuration dialog box, enter the following:
- In the Certificate File text box, enter the path and file name of the Client Certificate file. For example:
Certificate File = OracleBI_HOME\ssl\client-cert.pem
- In the Certificate Private Key File text box, enter the path and file name of the Client Private Key file. For example:
Certificate Private Key File = OracleBI_HOME\ssl\client-key.pem
- In the File Containing Passphrase text box, enter the path and file name of the passphrase file for the Client Key. For example:
File Containing Passphrase = OracleBI\ssl\clientpwd.txt
The above three entries are required when either Oracle BI Cluster Controller or Oracle BI Severs have been configured to require peer verification.
- Check the Verify Peer check box.
- If you are using the hashed version of the CA certificate, provide the directory where the hashed file is located in the CA Certificate Directory text box. For example:
CA Certificate Directory = OracleBI_HOME\ssl
- If you are using the CA certificate, provide the path and file name of the CA Certificate file in the CA Certificate File text box.
CA Certificate File = <OracleBI>\ssl\cacert.pem
- In the Cipher List text box, enter the list of ciphers to be used. For example:
Cipher List = EXP-DES-56-SHA
- Specify a value of 1 for Certificate Verification Depth. For example:
Certification Verification Depth = 1
- In the Trusted Peer Distinguished Names text box, enter DNs of servers that will allowed to connect. For example:
Trusted Peer Distinguished Names = C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=servercertificate
- Copy the client certificate, client private key and passphrase file, for example client-cert.pem, client-key.pem and clientpwd.txt to the directory specified in the parameters. In the examples specified, the directory is OracleBI_HOME\ssl. If you have set the CA Certificate File parameter, copy the CA certificate file, for example cacert.pem, to the directory specified. If you have set the CA Certificate Directory parameter, copy the hash version of the CA certificate to the directory specified.
Configuring Oracle BI Server Client on UNIX in Minimum Security Scenario
Perform this task to configure Oracle BI Server Client to communicate over SSL. To configure Oracle BI Server Client on UNIX in minimum security scenarios
Configuring Oracle BI Server Client on UNIX in near-Maximum Security Scenario
Perform the following task to configure Oracle BI Server Client to communicate over SSL. To configure Oracle BI Server client on UNIX in near-maximum security scenario
- Modify the odbc.ini file located in the OracleBI_HOME/setup directory by adding the following lines to the [AnalyticsWeb] section of the file:
SSL=YES SSLertificateFile=<Directory and filename of client certificate> SSLPrivateKeyFile==<Directory and filename of client private key file> SSLPassphraseFile=<Directory and filename of passphrase file for client key> SSLipherList=<cipher list> SSLVerifyPeer=Yes SSLTrustedPeerDNs=<Distinguished Names of trusted peers> SSLertVerificationDepth=<Depth of chain>
- If you are using the hashed version of the CA Certificate file, add the line:
SSLACertificateDir=<Directory containing the hashed CA certificate>
- If you are using the CA Certificate file, add the line:
SSLACertificateFile=<Directory and filename of CA Certificate file>
After modification, the [AnalyticsWeb] section of the odbc.ini file should have additional entries similar to the following example:
[AnalyticsWeb] . . . SSL=YES SSLertificateFile=OracleBI_HOME/ssl/client-cert.pem SSLPrivateKeyFile=OracleBI_HOME/ssl/client-key.pem SSLPassphraseFile=OracleBI_HOME/ssl/clientpwd.txt SSLipherList= EXP-DES-56-SHA SSLVerifyPeer=Yes SSLACertificateDir=OracleBI_HOME/ssl SSLACertificateFile=OracleBI_HOME/ssl/cacert.pem SSLTrustedPeerDNs= C=US/ST=CA/L=Redwood Shores/O=Oracle/OU=BI/CN=servercertificate SSLertVerificationDepth=1
- Copy the client certificate, client private key and passphrase file to the directory specified in the parameters.
In the examples specified, the directory is OracleBI_HOME/ssl.
- Copy the CA certificate file if you have set the CA Certificate File parameter to the directory specified.
- If you have set the CA Certificate Directory parameter, copy the hash version of the CA certificate to the directory specified.
|