Oracle^® Business Intelligence Enterprise Edition Deployment Guide > Enabling Secure Communication in Oracle Business Intelligence > Configuring Oracle Business Intelligence to Communicate Over SSL >

Configuring BI Presentation Services and BI Publisher When SSL is Enabled

If you are using the Oracle BI Reporting and Publishing feature and have configured BI Publisher to integrate with Oracle BI, then you must perform the following additional steps to ensure that communication between BI Presentation Services and BI Publisher occurs successfully when the SSL Everywhere feature has been enabled for Oracle BI and the BI Publisher application is accessed via the HTTPS protocol.

NOTE:  It is assumed that you have installed and configured BI Publisher to integrate with Oracle BI. For details of this install and configuration, see the Oracle Business Intelligence Infrastructure Installation and Configuration Guide.

• Exporting the Apache Certificate from the Wallet
• Modifying the AdvancedReporting tag in instanceconfig.xml
• Modifying BI Publisher Settings

When the HTTP web server for the BI Publisher application is enabled for HTTPS, the certificate or CA of the web server must be exported from the web server and imported to the default Java trust store that will be accessed by BI Publisher J2EE container. The certificate must also be imported to the BI Presentation Services credential store.

NOTE:  To enable SSL for the web server for the BI Publisher application, refer to the web server vendor documentation. For more information about enabling SSL for Oracle Application Server and Oracle HTTP Server, refer to the Oracle Application Server Administrator's Guide 10g Release 3 (10.1.3.1.0) and the Oracle HTTP Server Administrator's Guide 10g (10.1.3.1.0)Oracle HTTP Server Administrator's Guide 10g (10.1.3.1.0).

Exporting the Apache Certificate from the Wallet

The following procedures describes how to export the Apache certificate from the wallet on Oracle HTTP Server.

NOTE:  To export a certificate or CA of the HTTP server for BI Publisher, see your web server vendor documentation.

To export the certificate from the wallet

1. On the machine where Oracle HTTP Server is installed, navigate to ORACLE_HOME/bin.
2. Export the Apache certificate from the wallet by executing the command:

   orapki wallet export -wallet wallet_location -dn
   certificate_dn -cert certificate_filename

   This command exports a certificate with the subject's distinguished name (-dn) from a wallet to a file that is specified by -cert, where:

   • The "-dn" should be the certificate Distinguished Name for the OHS web server.
   • The wallet is located at ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default/ewallet.p12.

     NOTE:  For more information, see the chapter about managing wallets and certificates in the Oracle Business Intelligence Server Administration Guide.

To import the exported certificate to Java's default trust store named cacerts

1. Navigate to Java's default trust store located at JAVA_HOME/ jre/lib/security/cacerts.
2. Copy the web server certificate to the same location as the Java's default truststore.
3. Execute the command to import the certificate to the default trust store:

   keytool -import -trustcacerts -alias bicert -file $WebServerCertFilename
   -keystore cacerts -storetype JKS

   where $WebServerCertFilename is the name of the certificate exported from the web server. The certificate is stored under the alias "bicert" in the cacerts trust store.

   NOTE:  The default password for the Java trust store is "changeit".

4. Restart the Java process and Application Server.
5. Import the exported web server certificate to the BI Presentation Services Credential Store. The credential store of each instance of BI Presentation Services in your deployment must contain this certificate.

Modifying the AdvancedReporting tag in instanceconfig.xml

When the BI Publisher application is accessed using the HTTPS protocol, you must modify the AdvancedReporting tag in the instanceconfig.xml file for BI Presentation Services to identify the BI Publisher URL.

To modify the AdvancedReporting tag in instanceconfig.xml

1. On the BI Presentation Services machine, open the instanceconfig.xml file for editing. This file is located in OracleBIData_HOME\web\config on Windows and in OracleBIData_HOME/web/config on Linux or UNIX.
2. Locate and set the <AdvancedReporting> element to identify the BI Publisher URL as follows:

   <AdvancedReporting>.
   .
   <ServerURL>https://bi-publisher.mycompany.com:443/xmlpserver/services/XMLPService</ServerURL>
   <WebURL>https://bi-publisher.mycompany.com:443/xmlpserver</WebURL>
   <AdminURL>https://bi-publisher.mycompany.com:443/xmlpserver/servlet/admin</AdminURL>
   .
   .
   </AdvancedReporting>

3. Perform the above modifications on each instance of BI Presentation Services in your deployment.

Modifying BI Publisher Settings

When Oracle BI components are enabled for communication to occur over SSL, the settings in BI Publisher for integration with Oracle BI must be modified.

To modify the BI Publisher settings

1. Access the BI Publisher application using its URL, for example:

   https://bi-publisher.mycompany.com/xmlpserver

2. Log in to the BI Publisher application.
3. Navigate to the Admin tab, Under Data Sources, click the JDBC Connection link.
4. On the JDBC tab of the Data Sources page, select the Oracle BI EE data source.
5. Modify the Connect String field as follows:

   Append the following string to the Connect String:

   ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;

   where the SSLKeystorefilename identifies the Java keystore that contains the certificate exported from the web server, and sslKeystorepassword is the password for the keystore.

   The connection string should be similar to the following example:

   jdbc:oraclebi://<BI Server>:9703;ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;

6. If you have Oracle BI clustering enabled, the connection string should be similar to the following:

   jdbc:oraclebi://<Primary Cluster Controller>:9706/PrimaryCCS=<Primary Cluster Controller>;PrimaryCCSPort=9706;SecondaryCCS=<Secondary Cluster Controller>;SecondaryCCSPort=9706;ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;

7. Test the connection by clicking the Test Connection button.
8. Set the Username and Password fields to the Oracle BI Administrator credentials.
9. Verify that the Database Driver Class is set to the following:

   oracle.bi.jdbc.AnaJdbcDriver

   Click Apply.

10. Navigate to Admin tab > Integration - Oracle BI Presentation Services, and set the following fields:
    • Server Protocol = https
    • Server Version = v4
    • Server = bi.mycompany.com

      Where bi.mycompany.com is the Web Server or Application Server host where Oracle BI is deployed.

    • Port = 443
    • Administrator Username = Administrator
    • Administrator Password = <Password for Oracle BI Administrator user>
    • URL Suffix = analytics/saw.dll

      NOTE:  You must specify the Administrator user in the Administrator Username field. This is the Administrator user defined in the Oracle BI repository (rpd).

11. If you have defined BI Server Security as the security model in BI Publisher, you must modify the JDBC connection string as done in this procedure.

    In the BI Publisher application > Admin tab > Security Configuration page, append following SSL string the Connection String field:

    ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;

    where the SSLKeystorefilename identifies the Java keystore that contains the certificate exported from the web server, and sslKeystorepassword is the password for the keystore.