Required Certificates

SSL communication uses certificates to establish trust between components. Oracle recommends that you use certificates from well-known third-party CAs to SSL-enable Oracle Enterprise Performance Management System in a production environment.

Note:

EPM System supports the use of wildcard certificates, which can secure multiple subdomains with one SSL certificate. Using a wildcard certificate can reduce management time and cost.

If you are using wildcard certificates to encrypt communication, you must disable host-name verification in Oracle WebLogic Server.

You require the following certificates for each server that hosts EPM System components:

• A root CA certificate

  Note:

  You need not install a root CA certificate in the Java keystore if you are using certificates from a well-known third-party CA whose root certificate is already installed in the Java keystore.

  Firefox and Internet Explorer are preloaded with certificates of well-known third-party CAs. If you are acting as your own CA, you must import your CA root certificate into the keystore used by the clients accessed from such browsers. If you are acting as your own CA, web clients cannot establish an SSL handshake with the server if your CA root certificate is not available to the browser from which the client is accessed.

• Signed certificates for each Oracle HTTP Server in your deployment

• A signed certificate for WebLogic Server host machine. Managed servers on this machine can also use this certificate

• Two certificates for the SSL offloader/load balancer. One of these certificates is for external communication and the other is for internal communication