Configuring SSL-Enabled External User Directories
Assumptions
- The external user directories that you plan to configure in Oracle Hyperion Shared Services Console are SSL-enabled.
- If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, you have a copy of the root certificate of the CA that signed the server certificate.
Import the Root CA Certificate
If you did not use a certificate from a well-known third-party CA to SSL-enable the user directory, then you must import the root certificate of the CA that signed the server certificate into the following keystores:
Note: During application deployment, WebLogic adds the -Djavax.net.ssl.trustStore directive pointing to DemoTrust.jks in setDomainEnv.sh or setDomainEnv.cmd. Remove -Djavax.net.ssl.trustStore from setDomainEnv.sh or setDomainEnv.cmd if you are not using the default WebLogic certificate.
Use a tool, such as keytool, to import the root CA certificate.
- All Oracle Enterprise Performance Management System servers:
  JVM keystore: MIDDLEWARE_HOME/jdk/jre/lib/security/cacerts
- The keystore used by the JVM on each EPM System component host machine. By default, EPM System components use the following keystore:
  MIDDLEWARE_HOME/jdk/jre/lib/security/cacerts
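The import step as a shell script, added here as an example and not taken from the Oracle documentation: it flags the -Djavax.net.ssl.trustStore override described in the note and then imports the root CA with keytool. The script's arguments, the alias, the certificate file name and a MIDDLEWARE_HOME environment variable are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check and root CA import on an EPM System host.
# Assumed usage: sh import_root_ca.sh DOMAIN_SCRIPT ROOT_CA_FILE ALIAS
# with MIDDLEWARE_HOME exported in the environment (all names are assumptions).

# Print (with line numbers) every javax.net.ssl.trustStore setting in a
# WebLogic domain script such as setDomainEnv.sh.
# Returns 0 when an override is present, 1 when the file has none.
find_truststore_override() {
    grep -n -e '-Djavax\.net\.ssl\.trustStore' "$1"
}

# Import a root CA certificate into a JVM keystore.
# keytool prompts for the keystore password and asks for confirmation
# after displaying the certificate, so nothing secret is put on the
# command line and the fingerprint can be checked before it is trusted.
import_root_ca() {
    cert=$1; keystore=$2; alias=$3
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    [ -w "$keystore" ] || { echo "cannot write $keystore" >&2; return 2; }

    # Show subject, issuer, validity and fingerprints so they can be
    # compared with the values published by the CA.
    keytool -printcert -file "$cert" || return 1

    # Keep a copy of the keystore so the change can be rolled back.
    cp -p "$keystore" "$keystore.bak" || return 1

    # keytool refuses the import if the alias already exists, so an
    # existing trusted entry is never silently replaced.
    keytool -importcert -trustcacerts -alias "$alias" \
        -file "$cert" -keystore "$keystore"
}

if [ "$#" -eq 3 ]; then
    if find_truststore_override "$1"; then
        echo "trustStore override found in $1 (lines above);" \
             "remove it unless the default WebLogic certificate is used" >&2
    fi
    import_root_ca "$2" \
        "${MIDDLEWARE_HOME:?set MIDDLEWARE_HOME}/jdk/jre/lib/security/cacerts" "$3"
fi
```

Run it on each EPM System host whose JVM keystore needs the root certificate.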
Configure External User Directories
You configure user directories using the Shared Services Console. While configuring user directories, you must select the SSL Enabled option that instructs EPM System security to use the secure protocol to communicate with the user directory. You can SSL-enable a connection between EPM System security and LDAP-enabled user directories; for example, Oracle Internet Directory and Microsoft Active Directory.
See "Configuring User Directories" in the Oracle Enterprise Performance Management System User Security Administration Guide.