Configuring EPM System Web Components Deployed on WebLogic Server

After deploying EPM System web components, you must configure them for SSL communication.

  To configure the web components for SSL:

  1. Start the WebLogic Server by executing a file stored in EPM_ORACLE_INSTANCE/domains/EPMSystem/bin:

    • startWebLogic.cmd (Windows)

    • startWebLogic.sh (UNIX)

  2. Launch the WebLogic Server Administration Console by accessing the following URL:

    http://SERVER_NAME:Port/console

    For example, to access the WebLogic Server console deployed to the default port on myServer, you should use http://myServer:7001/console.

  3. On the Welcome screen, enter the user name and password to access the EPMSystem. The user name and password are specified in EPM System Configurator during the configuration process.

  4. In Change Center, click Lock & Edit.

  5. In the left pane of the console, expand Environment, and then select Servers.

  6. In the Summary of Servers screen, click the name of the server you want to SSL-enable.

    For example, if you installed all Foundation Services components, you can SSL-enable these servers:

    • CalcManager

    • EPMADataSync

    • FoundationServices

    • EpmaWebReports

  7. Clear Listen Port Enabled to disable the HTTP listen port.

  8. Ensure that SSL Listen Port Enabled is selected.

  9. In SSL Listen Port, enter the WebLogic Server SSL listen port.

  10. Specify the identity and trust keystores to use.

    1. Select Keystores to open the Keystores tab.

    2. In Keystores, select an option:

      • Custom Identity and Custom Trust if you are not using a server certificate from a well-known third-party CA

      • Custom Identity and Java Standard Trust if you are using a server certificate from a well-known third-party CA

    3. In Custom Identity Keystore, enter the path of the keystore where the signed WebLogic Server certificate is installed.

    4. In Custom Identity Keystore Type, enter jks.

    5. In Custom Identity Keystore Passphrase and Confirm Custom Identity Keystore Passphrase, enter the keystore password.

    6. If you selected Custom Identity and Custom Trust in Keystores:

      1. In Custom Trust Keystore, enter the path of the custom keystore where the root certificate of the CA that signed your server certificate is available.

      2. In Custom Trust Keystore Type, enter jks.

      3. In Custom Trust Keystore Passphrase and Confirm Custom Trust Keystore Passphrase, enter the keystore password.

    7. Click Save.

  11. Specify SSL settings.

    1. Select SSL.

    2. In Private Key Alias, enter the alias that you specified while importing the signed WebLogic Server certificate.

    3. In Private Key Passphrase and Confirm Private Key Passphrase, enter the password to be used to retrieve the private key.

    4. Provider Services web application only: If you are using wildcard certificates to encrypt communication between WebLogic Server and other EPM System server components, disable host name verification for Provider Services web application.

      1. Select Advanced.

      2. In Hostname Verification, select None.

    5. Click Save.

  12. In Change Center, click Activate Changes.