Oracle® Business Intelligence Enterprise Edition Deployment Guide > Enabling Secure Communication in Oracle Business Intelligence > Creating Certificates and Keys >

Creating the Client Certificate and Client Private Key


For mutually-authenticated SSL where the client BI component identity is verified by the server, the client must possess a certificate and private key. Use the following procedures to generate a client certificate and client private key. The client certificate and private key is used by the BI Server Client components such as Oracle BI ODBC client.

To create the client certificate request and private key

  • Create the client request and private key by running the following commands:

    req -new -keyout $ClientKeyFilename -out $ClientRequestFilename -days $ValidityPeriod -config openssl.cnf

    For example:

    OpenSSL> req -new -keyout client-key.pem -out client-req.pem -days 365 -config openssl.cnf

This example generates the client private key in the file client-key.pem and the signing request or unsigned client certificate client-req.pem.

To create the client certificate

  • Create the client certificate by running the following command:

    ca -policy policy_anything -out $ClientCertFilename -config openssl.cnf -infiles $ClientRequestFilename

    For example:

    OpenSSL>ca -policy policy_anything -out client-cert.pem -config openssl.cnf -infiles client-req.pem

This example generates the signed client certificate client-cert.pem.

The client certificate and private key is used by the BI Server Client components such as Oracle BI ODBC client.

Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.