About SSL-Enabling EPM System Products

The Oracle Enterprise Performance Management System deployment process automatically deploys Oracle's EPM System products to work in both SSL and non-SSL modes.

Note:

• EPM System supports SSL over HTTP and JDBC only. It does not support other standards, for example Thrift and ODBC, for secure communication.
• To protect against the Poodle (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which is an attack on the SSLv3 protocol, you must disable SSLv3 support in your servers and in the browsers that are used to access EPM System components. See your server and browser documentation for information to disable SSLv3 support.
• EPM System servers may fail to start if you disable non-SSL mode after configuring SSL.

  Enable secure replication for all EPM System servers in the domain to make them start when non-SSL mode is disabled.

While specifying common settings for EPM System, you specify whether to SSL-enable all server-to-server communication in your deployment.

Selecting SSL settings during the deployment process does not automatically configure your environment for SSL. It only sets a flag in the Oracle Hyperion Shared Services Registry to indicate that all EPM System components that use the Shared Services Registry must use the secure protocol (HTTPS) for server-to-server communication. You must complete additional procedures to SSL-enable your environment. These procedures are discussed in this document.

Note:

Redeploying your applications erases the custom application server and web server settings that you specify to enable SSL.

Note:

In Enterprise Performance Management System Release 11.2.x, Secure Sockets Layer (SSL) for MS SQL Server in the Repository Creation Utility (RCU) is not supported.