1. Essbase Independent Deployment
  2. Secure Your Communication and Network
  3. Add External Certificates for External Java Process

Add External Certificates for External Java Process

Here you see how to add external certificates for an external Java process.

Steps for Using Partitions with Self-Signed Certificates:

  1. Navigate to relevant location below and edit the essbase.cfg file.
    • For Linux platform:
      ${DOMAIN_HOME}/config/fmwconfig/essconfig/essbase
    • For Windows:
      %DOMAIN_HOME%\config\fmwconfig\essconfig\essbase
  2. Add the following variable to the bottom of the file and save it.
    env:API_DISABLE_PEER_VERIFICATION 1

Steps for Using Java-based Clients with Self-Signed Certificates

  1. Run the following command if the Essbase server is configured by enabling TLS option.
    • For Linux platform:
      ${JAVA_HOME}/bin/keytool -printcert -rfc -sslserver <external_host>:<external_port>
    • For Windows:
      %JAVA_HOME%\bin\keytool -printcert -rfc -sslserver <external_host>:<external_port>
  2. The above command generates certificates. Copy the certificates into a text file.
  3. Run the command below to import the certificate to java cacerts.
    • For Linux platform:
      ${JAVA_HOME}/bin/keytool -importcert -alias <hostname> -file <certificate_file> -noprompt -trustcacerts -keystore ${JAVA_HOME}/lib/security/cacerts -storepass Password1
    • For Windows:
      %JAVA_HOME%\bin\keytool -importcert -alias <hostname> -file C:\21.3_EsbInstaller\sca00jqv.txt -noprompt -trustcacerts -keystore %JAVA_HOME%\lib\security\cacerts -storepass Password1

    Certificate is added to keystore.

Steps for Configuring WebLogic for Use with Self-Signed Certificates

Caution:

The Essbase platform includes scripts in <DOMAIN HOME>/bin that can customize the environment and behaviors of Essbase functionality. However, making changes to these domain environment or startup scripts can have unintended effects, including startup failure. Oracle recommends making changes in a test environment first. Before editing these scripts, always:

  1. Stop the Essbase managed servers, using <DOMAIN HOME>/esstools/bin/stop.sh (on Linux), or <Domain Home>\esstools\bin\stop.cmd (on Windows).

  2. In <DOMAIN HOME>/bin, make a backup copy of the file you want to edit. For example,

    On Linux

    cp setStartupEnv.sh setStartupEnv_bak.sh

    On Windows

    copy setStartupEnv.cmd setStartupEnv_bak.cmd

  3. Edit carefully, using only Oracle’s documented instructions, or working with Oracle Support.

  4. Restart Essbase, using <DOMAIN HOME>/esstools/bin/start.sh (on Linux), or <Domain Home>\esstools\bin\start.cmd (on Windows). Check that startup completed normally.

  1. Edit the relevant file:
    • For Linux platform:
      ${DOMAIN_HOME}/bin/setDomainEnv.sh
    • For Windows:
      %DOMAIN_HOME%\bin\setDomainEnv.cmd
  2. Replace the following line:
    JAVA_OPTIONS="${JAVA_OPTIONS}"
    with the following string:
    JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.SSL.ignoreHostnameVerification=true"
  3. Save the file.
  4. Stop and restart the Essbase stack instance.