Configuring SSL-Enabled External User Directories

Assumptions

  • The external user directories that you plan to configure in Oracle Hyperion Shared Services Console are SSL-enabled.

  • If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, you have a copy of the root certificate of the CA that signed the server certificate.

Import the Root CA Certificate

If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, then you must import the root certificate of the CA that signed the server certificate into the following keystores:

Note:

During application deployment, WebLogic adds the -Djavax.net.ssl.trustStore directive pointing to DemoTrust.jks in setDomainEnv.sh or setDomainEnv.cmd. Remove -Djavax.net.ssl.trustStore from setDomainEnv.sh or setDomainEnv.cmd if you are not using the default WebLogic certificate.

Use a tool, such as keytool, to import the root CA certificate.

  • All Oracle Enterprise Performance Management System servers:

    JVM keystore: MIDDLEWARE_HOME/jdk/jre/lib/security/cacerts

  • The keystore used by the JVM on each EPM System component host machine. By default, EPM System components use the following keystore:

    MIDDLEWARE_HOME/jdk/jre/lib/security/cacerts
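
The import and the setDomainEnv check described above can be scripted as follows. This is an added example, not part of the Oracle documentation; the certificate file name, the alias, and the DOMAIN_HOME/bin location of setDomainEnv.sh are assumptions to adjust for your deployment.

```shell
#!/bin/sh
# Added example. Assumed values: the alias, the PEM file name, and the
# DOMAIN_HOME/bin location of setDomainEnv.sh.

# Print (with line numbers) every line of a WebLogic setDomainEnv file that
# still sets -Djavax.net.ssl.trustStore. Exit status 0 means it is present.
find_truststore_override() {
    grep -n -e '-Djavax\.net\.ssl\.trustStore' "$1"
}

# Import a root CA certificate into a JVM keystore as a trusted entry.
# keytool prompts for the keystore password and for confirmation, so no
# password is stored in this script.
import_root_ca() {
    ca_pem=$1; ca_alias=$2; keystore=$3
    [ -r "$ca_pem" ] || { echo "cannot read $ca_pem" >&2; return 1; }
    [ -w "$keystore" ] || { echo "cannot write $keystore" >&2; return 1; }
    # Show subject, issuer, validity and fingerprints; compare the fingerprint
    # with the value obtained from the CA through a separate channel.
    keytool -printcert -file "$ca_pem" || return 1
    # Keep a copy of the keystore so the change can be rolled back.
    cp -p "$keystore" "$keystore.bak.$(date +%Y%m%d%H%M%S)" || return 1
    keytool -importcert -trustcacerts -alias "$ca_alias" \
        -file "$ca_pem" -keystore "$keystore" || return 1
    # Confirm the entry is now listed as a trustedCertEntry.
    keytool -list -alias "$ca_alias" -keystore "$keystore"
}

# Run only when called as: sh script.sh ROOT_CA_PEM ALIAS
if [ "$#" -eq 2 ]; then
    : "${MIDDLEWARE_HOME:?set MIDDLEWARE_HOME first}"
    import_root_ca "$1" "$2" \
        "$MIDDLEWARE_HOME/jdk/jre/lib/security/cacerts" || exit 1
    if [ -n "${DOMAIN_HOME:-}" ] &&
       find_truststore_override "$DOMAIN_HOME/bin/setDomainEnv.sh"; then
        echo "Remove the directive above if you are not using the default WebLogic certificate." >&2
    fi
fi
```

Run it on each EPM System host, because each host's JVM keystore is separate.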

Configure External User Directories

You configure user directories using the Shared Services Console. While configuring user directories, you must select the SSL Enabled option that instructs EPM System security to use the secure protocol to communicate with the user directory. You can SSL-enable a connection between EPM System security and LDAP-enabled user directories; for example, Oracle Internet Directory and Microsoft Active Directory.

See "Configuring User Directories" in the Oracle Enterprise Performance Management System User Security Administration Guide.