Update TLS Certificates
You can update Transport Layer Security (TLS) self-signed certificates, when, for example, they are expired, or when you need to use several hosts for different WebLogic servers. After running the update tool, all external certificates that were added before, remain in the trust store file.
Prerequisites
- Configure Essbase with TLS connection. See Set up Weblogic TLS Connection for Essbase.
- Stop WebLogic.
- Set environment variables:
- JAVA_HOME and PATH
- ORACLE_HOME - Path to Fusion Middleware and Essbase folder
- DOMAIN_HOME
Update tool usage and properties file parameters
Before updating certificates, the update tool backs up all necessary files. The update tool prompts you for the private key password.
The command to run the tool is:
For Linux:
java -jar ${ORACLE_HOME}/essbase/lib/tlsTools.jar <properties file>For Windows:
java -jar %ORACLE_HOME%\essbase\lib\tlsTools.jar <properties file>where:
properties file is tls_tools.properties, and located at the following path:
-
for Linux:
${ORACLE_HOME}/essbase/bin/tls_tools.properties -
for Windows:
%ORACLE_HOME%\essbase\bin\tls_tools.properties
and includes the following parameter, to add external certificates to Essbase:
SAN=SAN (Subject Alternative Name) parameter, which has no value by default, lets you specify the IP addresses and domain names that must be secured by the certificate update. Provide a value to the SAN parameter to indicate how Essbase should update the certificates. If the SAN parameter has a value, all external, self-signed certificates are added. If all parameters are empty of values, all existing certificates in the Essbase environment are updated.
SAN="DNS:<hostname>,IP:<ip address>"SAN=IP:10.x.x.11,IP:10.x.x.13,IP:10.x.x.17,DNS:myhost,DNS:myhost.example.comRun Java command with update tool to update certificates
- Add SAN parameter to
tls_tools.propertiesfile, as described above. - Run Java command as shown above.