SSL communication uses certificates to establish trust between components. Oracle recommends that you use certificates from well-known third-party CAs to SSL-enable EPM System in a production environment. You may use self-signed certificates for test purposes if a root CA is not available to sign certificates.
Note: EPM System supports the use of wildcard certificates, which can secure multiple subdomains with one SSL certificate. Using a wildcard certificate can reduce management time and cost. If you are using wildcard certificates to encrypt communication between the Provider Services web application and other EPM System server components, you must disable host name verification for the Provider Services web application in WebLogic Server.
You require the following certificates for each server that hosts EPM System components:
A root CA certificate.
Note: You do not need to install the root CA certificate in the Java keystore if you are using certificates from a well-known third-party CA whose root certificate is already installed in the Java keystore. Firefox and Internet Explorer are pre-loaded with certificates of well-known third-party CAs. If you are acting as your own CA, you must import your CA root certificate into the keystore used by the clients accessed from such browsers. For example, if you are acting as your own CA, Web Analysis clients cannot establish an SSL handshake with the server if your CA root certificate is not available to the browser from which Web Analysis is accessed.
Signed certificates for each machine in your deployment.
Note: A full SSL scenario requires two signed certificates for Oracle HTTP Server, one for internal communication and the other for external communication.
Note: In scenarios where the client must present SSL
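The root CA note above depends on whether your issuing root is already present in the Java keystore. The shell functions below are an added example, not Oracle's code: they compare a root certificate's SHA-256 fingerprint against `keytool -list` output and report whether an import is needed. The sample listing, aliases and shortened fingerprints are constructed, the keystore path and password are parameters you supply, and the listing is assumed to print SHA-256 fingerprints (older JDKs print SHA1 by default).

```shell
#!/bin/sh
# Added example (not Oracle's code). Listing, aliases and fingerprints are constructed.
SAMPLE_LISTING='Your keystore contains 2 entries

examplepublicroot [jdk], Aug 25, 2016, trustedCertEntry,
Certificate fingerprint (SHA-256): 10:32:54:76:98:BA:DC:FE
examplecorprootca, Mar 3, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD:EE:FF:00:11'

# Strip any "label=" prefix, colons and whitespace; uppercase the hex digits.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -list` output on stdin. Print the alias whose SHA-256
# fingerprint equals $1 and return 0; return 1 when no entry matches.
find_ca_alias() {
    want=$(normalize_fp "$1")
    alias_name=''
    while IFS= read -r line; do
        case $line in
            *trustedCertEntry*)
                alias_name=${line%%,*} ;;
            *'Certificate fingerprint (SHA-256):'*)
                if [ "$(normalize_fp "${line#*: }")" = "$want" ]; then
                    printf '%s\n' "$alias_name"
                    return 0
                fi ;;
        esac
    done
    return 1
}

# Usage: check_root_ca ROOT_CA.pem KEYSTORE [STOREPASS]
# Returns 0 if the root is already trusted, 1 if it must be imported,
# 2 if openssl or keytool failed.
check_root_ca() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    listing=$(keytool -list -keystore "$2" -storepass "${3:-changeit}") || return 2
    if found=$(printf '%s\n' "$listing" | find_ca_alias "$fp"); then
        echo "root CA already trusted under alias: $found"
    else
        echo "root CA not in $2; import it with:"
        echo "  keytool -importcert -trustcacerts -alias <alias> -file $1 -keystore $2"
        return 1
    fi
}
```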