The root CA certificate attests to the validity of the certificate that is used to support SSL. it contains the public key against which the private key that was used to sign the certificate is matched to verify the certificate. You can obtain the root CA certificate from the certificate authority that signed your SSL certificates.
Install the root certificate of the CA that signed the Essbase Server certificate on clients that connect to the Essbase Server or Agent. Ensure that the root certificate is installed in the keystore appropriate for the client. See Required Certificates and Their Location.
Note: | Multiple components can use a root CA certificate installed on a server machine. |
Refer to Table 13, Required Certificates and Their Location for a list of components that require the CA root certificate in an Oracle Wallet. You can create a wallet or install the certificate in the demo wallet where the default self-signed certificate is installed.
See Oracle Wallet Manager documentation for detailed procedures to create wallets and to import root CA certificate.
Refer to Table 13, Required Certificates and Their Location for a list of components that require the root CA certificate in an Java keystore. You can add the certificate into the keystore where the default self-signed certificate is installed or create a keystore for storing the certificate.
Note: | The root CA certificates of many well known third-party CAs are already installed in the Java keystore. |
Refer to the documentation of the tool you are using for detailed instructions. If you are using keytool, use a command, such as the following to import the root certificate:
keytool -import -alias blister_CA -file c:/certs/CA.crt -keypass password -trustcacerts -keystore C:\Oracle\Middleware\EPMSystem11R1\Essbase_ssl \keystore -storepass password