Oracle recommends the use of certificates from well-known third-party CAs to SSL-enable Essbase in a production environment. You may use the default self-signed certificates for test purposes.
Note: | Essbase supports the use of wildcard certificates, which can secure multiple subdomains with one SSL certificate. Use of a wildcard certificate can reduce management time and cost. Wildcard certificates cannot be used if host name check is enabled. |
You require the following certificates:
A root CA certificate.
Components that use Essbase RTC (C APIs) to establish a connection to Essbase require that the root CA certificate be stored in Oracle Wallet. Components that use JAPI to establish a connection require that the root CA certificate be stored in a Java keystore. The required certificate and their location are indicated in the following table.
Note: | You may not need to install root CA certificate if you are using certificates from a well-known third-party CA whose root certificate is already installed in Oracle Wallet. |
Signed certificate for Essbase Server and Essbase Agent.
Table 13. Required Certificates and Their Location
| Component[1] | Keystore | Certificate[2] |
|---|---|---|
| MaxL | Oracle Wallet | root CA certificate |
| Administration Services Server | Oracle Wallet | root CA certificate |
| Provider Services | Oracle Wallet | root CA certificate |
| EPM System Database | Oracle Wallet | root CA certificate |
| Essbase Studio Server | Java Keystore | root CA certificate |
| Planning |
| root CA certificate |
| Financial Management | Java Keystore | root CA certificate |
| Essbase (Server and Agent) |
|
|
| Shared Services Repository |