1. Security Configuration Guide
  2. SSL-Enabling EPM System Components
  3. Full SSL Deployment of EPM System
  4. Configuring EPM System for Full SSL
  5. Enabling HFM Server Connection with an SSL-Enabled Oracle Database

Enabling HFM Server Connection with an SSL-Enabled Oracle Database

The network connection between the HFM DataSource and the Oracle database can be encrypted using SSL. For this to work, the Oracle Wallet must be configured as outlined in the Oracle documentation. The TNS Listener must also be configured to listen on a new port for SSL encrypted connections. Finally, the appropriate certificates need to be loaded into the keystore and truststore on the servers hosting the HFM DataSource. The instructions below are referred from the Oracle Database documentation.

Prerequisites

Ensure that the folloiwng prerequisites are met before proceeding with the steps below:

  • A functioning database server.
  • Ensure that no local or network firewalls are blocking any communication with the server on port where the SSL enabled TNS listener is running.

In the examples below, Oracle 12c (12.1.0.2) version running on MS Windows Server 2016 has been used. These instructions will work equally well on a Linux installation provided that the paths specified are for the wallet files are Linux filesystem paths and the environment variable substitutions are properly changed for the shell being used on the database server. These same instructions have been successfully used on 19c development and support instances.

The examples in this article use self signed certificates, but you can also use proper certificate authority certificates if you prefer. See Oracle Database documentation for the exact steps to follow when installing a certificate issued by a certificate authority.