Configure SSL in Oracle WebLogic Server

You can configure one-way and two-way SSL in Oracle WebLogic Server.

This section contains the following topics:

Configure One-Way SSL in Oracle WebLogic Server

One-way SSL is required to properly secure the communication between Oracle Analytics Server and Oracle WebLogic Server.

  1. From the Oracle WebLogic Server Administration Console home page, click Servers under the Environment heading.
  2. In the Servers table, select the name of the server you want to manage.
  3. On the General tab in the Configuration tab, select SSL Listen Port Enabled.
  4. Use the Model Administration Tool to update the appropriate connection pool object in the Physical layer to use https:// instead of http://.
  5. Update the port number to use the SSL port number, which is 7002 by default.

Configure Two-Way SSL in Oracle WebLogic Server

You can set up two-way SSL to secure the communication between the Oracle BI Server and Oracle WebLogic Server.

Perform queries against ADF using your Oracle BI Server client of choice, such as nqcmd. The Oracle BI Server should communicate with the ADF Oracle WebLogic Server using mutual SSL with client certificates.

See Managing Security for Oracle Analytics Server.

In the Oracle WebLogic Server Administration Console, modify the ADF Oracle WebLogic Server to accept SSL connections and to perform mutual SSL.

If you generate a client certificate file, the cacert.pem file is stored in:

ORACLE_HOME/user_projects/domains/bifoundation_domain/config/fmwconfig/biinstances/coreapplication/ssl

Your trust keystore might use a location similar to the following:

/scratch/user_name/view_storage/user_name_fmw/fmwtools/mw_home/wlserver_10.3/server/lib

  1. (Optional) Create client certificates in the Oracle BI Server, if they don't already exist.
  2. Log in to the Oracle WebLogic Server Administration Console and click Servers under the Environment heading, then click the server name.
  3. In the Change Center, click Lock & Edit to enable configuration changes.
  4. In the General tab, select SSL Listen Port Enabled, record the SSL Listen Port number, and then click Save.
  5. Select the SSL tab, then select Advanced.
  6. For Two Way Client Cert Behavior, select Client Certs Requested and Enforced, and then click Save.
  7. Select the Keystores tab and record the location and file name for the Trust Keystore.
  8. Click Activate Changes.
  9. On the Oracle BI Server computer, find the CA file for the client certificate and verify that the Certificate Authority (CA) for the Oracle BI Server client certificate is trusted by the ADF Oracle WebLogic Server.
  10. Copy the cert.pem file to a known location.
  11. On the ADF Oracle WebLogic Server computer, open a command window and go to the location of the trust keystore.
  12. Copy the client CA file, for example, cacert.pem to the trust keystore location.
  13. Use the following command in the JDK keytool utility to import the client CA into the trust keystore for the ADF server, making it a trusted CA:

    keytool -import -file client_CA_file -keystore keystore_file -storepass keystore_password

    For example:

    /scratch/my_name/view_storage/my_name_fmw/jdk6/bin/keytool -import -file ~/Downloads/SSL/cacert.pem -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase

  14. In the Model Administration Tool, in the Physical layer, open the first ADF connection pool object and select the Miscellaneous tab to update the Physical layer of the Oracle BI repository.
  15. Update the URL field to use the https protocol and the SSL port, and then click OK.
  16. Repeat the previous two steps for each additional ADF connection pool object.
  17. Save the repository and restart the Oracle BI Server.
  18. Configure the Oracle BI Server ODBC DSN to use SSL.

    For example, on Windows do the following:

    1. Open the ODBC Data Source Administrator and select the System DSN tab.

    2. Double-click the DSN for the Oracle BI Server.

      The DSN should start with coreapplication_OH.

    3. Select Use SSL.

    4. Click Next, click Next again, and then click Finish.
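
A check to run after step 13, added here as an example and not part of Oracle's documentation: it confirms that the imported client CA appears in the trust keystore as a trusted certificate entry with the fingerprint you expect. The alias mykey is keytool's default when -alias is omitted, the function names are hypothetical, and the sample listing and its fingerprints are constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. The import command in step 13 passes no
# -alias, so keytool files the CA under its default alias, "mykey".

# Reads `keytool -list` output on stdin and prints the fingerprint listed for
# alias $1, but only when that entry is a trustedCertEntry; returns 1 otherwise.
ca_fingerprint_in_listing() {
    awk -v want="$1" '
        /Entry, *$/ {                      # entry header: "alias, date, type,"
            split($0, f, ", ")
            hit = (tolower(f[1]) == tolower(want) && $0 ~ /trustedCertEntry/)
            next
        }
        hit && /^Certificate fingerprint \([^)]*\): / {
            sub(/^[^:]*: /, ""); print; found = 1; exit
        }
        END { exit !found }
    '
}

# Strip the "sha256 Fingerprint=" prefix that openssl prints and upper-case the
# hex digits so keytool and openssl values compare equal.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr 'a-f' 'A-F'
}

# ca_is_trusted ALIAS EXPECTED_FP < listing: succeeds only when ALIAS is a
# trusted entry whose fingerprint equals EXPECTED_FP.
ca_is_trusted() {
    got=$(ca_fingerprint_in_listing "$1") || return 1
    [ "$(normalize_fp "$got")" = "$(normalize_fp "$2")" ]
}

# Constructed sample listing; fingerprints are made up and cut to 8 bytes.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

mykey, Mar 4, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 3A:1F:9C:02:7B:E4:55:D0
wls_identity, Mar 4, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD:EE:FF:00:11'

# Against a real keystore (placeholders as in step 13; use the digest your JDK lists):
#   keytool -list -keystore keystore_file -storepass keystore_password |
#     ca_is_trusted mykey "$(openssl x509 -noout -fingerprint -sha256 -in cacert.pem)"
```

A non-zero exit means the alias is absent, is not a trusted certificate entry, or carries a different certificate than the cacert.pem you copied from the Oracle BI Server.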