The external user directories that you plan to configure in Shared Services Console are SSL-enabled.
If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, you have a copy of the root certificate of the CA that signed the server certificate.
If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, you must import the root certificate of the CA that signed the server certificate into the following JVMs:
Use a tool such, as keytool, to import the root CA certificate.
WebLogic Server:
Sun JVM keystore: MIDDLEWARE_HOME/jdk160_11/jre/lib/security/cacerts
JRockit JVM keystore: MIDDLEWARE_HOME/jrockit_160_05/jre/lib/security/cacerts
The keystore used by the JVM on each EPM System component host machine. By default, EPM System components use the following keystore:
MIDDLEWARE_HOME/jdk160_11/jre/lib/security/cacerts
You configure user directories using the Shared Services Console. While configuring user directories, you must select the SSL Enabled option that instructs EPM System security to use the secure protocol to communicate with the user directory. You can SSL-enable a connection between EPM System security and LDAP-enabled user directories, for example; Oracle Internet Directory and Microsoft Active Directory, and SAP repository.
See “Configuring User Directories” in the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.