Configuring WebLogic Server

After deploying Oracle Enterprise Performance Management System web components, you must configure them for SSL communication.

To configure the web components for SSL:

1. Start the Oracle WebLogic Server by executing MIDDLEWARE_HOME/user_projects/domains/EPMSystem/bin/startWebLogic.cmd:
2. Launch the WebLogic Server Administration Console by accessing the following URL:

   http://SERVER_NAME:Port/console

   For example, to access the WebLogic Server console deployed to the default port on myServer, you should use http://myServer:7001/console.

3. On the Welcome screen, enter the WebLogic Server administrator user name and password that you specified in EPM System Configurator.
4. In Change Center, click Lock & Edit.
5. In the left pane of the console, expand Environment, and then select Servers.
6. In the Summary of Servers screen, click the name of the server that you want to SSL-enable.

   For example, to SSL-enable Oracle Hyperion Foundation Services components, you work with the FoundationService0 server.

7. Clear Listen Port Enabled to disable the HTTP listen port.
8. Ensure that SSL Listen Port Enabled is selected.
9. In SSL Listen Port, enter the SSL listen port where this server should listen for requests.
10. To specify the identity and trust keystores to use, select Keystores to open the Keystores tab.
11. Click Change.
12. Select an option:

    • Custom Identity and Custom Trust if you are not using a server certificate from a well-known third-party CA

    • Custom Identity and Java Standard Trust if you are using a server certificate from a well-known third-party CA

13. Click Save.
14. In Custom Identity Keystore, enter the path of the keystore where the signed WebLogic Server certificate is installed.
15. In Custom Identity Keystore Type, enter jks.
16. In Custom Identity Keystore Passphrase and Confirm Custom Identity Keystore Passphrase, enter the keystore password.
17. If you selected Custom Identity and Custom Trust in Keystores:

    • In Custom Trust Keystore, enter the path of the custom keystore where the root certificate of the CA that signed your server certificate is available.

    • In Custom Trust Keystore Type, enter jks.

    • In Custom Trust Keystore Passphrase and Confirm Custom Trust Keystore Passphrase, enter the keystore password.

18. Click Save.
19. Specify SSL settings:

    • Select SSL.

    • In Private Key Alias, enter the alias that you specified while importing the signed WebLogic Server certificate.

    • In Private Key Passphrase and Confirm Private Key Passphrase, enter the password to be used to retrieve the private key.

    • Click Save.

    Note:

    If you are using SHA-2 certificates, you must select Use JSSE SSL setting for every managed server that is used to support EPM System. This setting is available on the Advanced tab of SSL page. You need to restart WebLogic Server to activate this change.

20. Enable secure replication for the server:
    1. In the left pane of the console, expand Environment and then click Clusters.
    2. In Summary of Clusters, click the name of the server, for example Foundation Services, for which you want to enable secure replication.
       The Configuration tab of the Settings screen for the selected server is displayed.
    3. Click Replication to open the Replication tab.
    4. Select Secure Replication Enabled. You may need to click Lock & Edit before you can select this option.
    5. Click Save.
21. Complete step 6 through step 20 for each managed server belonging to this host.
22. Enable secure replication to provide channel for replication calls for cluster.

    See Oracle metalink document 1319381.1 for details.

    • In the Administration Console, expand Environment, and then select Clusters.

    • Select Replication.

    • On Replication, select (check) Secure Replication Enabled.

    • Click Save.

23. In Change Center, click Activate Changes.