1. Security Configuration Guide
  2. SSL-Enabling EPM System Components
  3. Full SSL Deployment of EPM System
  4. Configuring EPM System for Full SSL
  5. Installing Certificate on the WebLogic Server

Installing Certificate on the WebLogic Server

The default Oracle WebLogic Server installation uses a demo certificate to support SSL. Oracle recommends that you install a certificate from a well-known third-party to strengthen the security of your environment.

On each machine that hosts WebLogic Server, use a tool (for example, keytool) to create a custom keystore to store the signed certificate for WebLogic Server and Oracle Enterprise Performance Management System web components.

To create a custom keystore and import certificate:

  1. From a console, change directory to MIDDLEWARE_HOME/jdk/jre/bin.
  2. Execute a keytool command such as the following to create the custom keystore (identified by the -keystore directive in the command) in an existing directory:
    keytool -genkey -dname "cn=myserver, ou=EPM, o=myCompany, c=US" -alias epm_ssl -keypass password -keystore C:\oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password -validity 365 -keyalg RSA

    Note:

    The common name (cn) that you set must match the server name. If you use fully qualified domain name (FQDN) as the cn, you must use the FQDN while deploying web components.

  3. Generate a certificate request.
    keytool -certreq -alias epm_ssl -file C:/certs/epmssl_csr -keypass password -storetype jks -keystore C:\oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password
  4. Obtain a signed certificate for the WebLogic Server machine.
  5. Import the signed certificate into the keystore:
    keytool -import -alias epm_ssl -file C:/certs/epmssl_crt -keypass password -keystore C:\Oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password