1. Managing Security for Oracle Analytics Server
  2. Configure SSL in Oracle Analytics Server
  3. Configure SSL Connections to External Systems

Configure SSL Connections to External Systems

Use these links to see topics about configuring SSL connections to external systems:

Topics:

Configure SSL for the SMTP Server Using Fusion Middleware Control

You must obtain the SMTP server certificate to complete this task.

  1. Login to Fusion Middleware Control.
  2. Click Target Navigation, and then click biinstance under Business Intelligence to display the Business Intelligence Instance page.
  3. Click Configuration, and then click Mail.

    Click the Help button on the page to access the page-level help for its elements.

  4. Click Lock and Edit in the Change Center.
  5. Complete the fields under Secure Socket Layer (SSL) as follows:

    • Connection Security: Select an option, other fields may become active afterward.

    • Specify CA certificate source: Select Directory or File.

    • CA certificate directory: Specify the directory containing CA certificates.

    • CA certificate file: Specify the file name for the CA certificate.

      Oracle Analytics Server includes a default certificate that you can use for the configuration of SSL for the SMTP server. The certificate's location is:

      ORACLE_HOME/bi/modules/oracle.bi.publictrust/openssl/cacerts.crt

    • SSL certificate verification depth: Specify the verification level applied to the certificate.

    • SSL cipher list: Specify the list of ciphers matching the cipher suite name that the SMTP server supports, for example, RSA+RC4+SHA.

  6. Click Apply, then click Activate Changes in the Change Center to apply your changes.

Configure SSL when Using Multiple Authenticators

If you are configuring multiple authenticators, and have configured an additional LDAP Authenticator to communicate over SSL (one-way SSL only), you need to put the corresponding LDAP server's root certificate in an additional keystore used by the virtualization (libOVD) functionality.

Note:

If the LDAP server is using TLS/SSL and is using a certificate signed by an intermediate certificate authority, you need to import the intermediate and root CA certificates into the libOVD trust store.

In the following procedure you set the values for your environment variables: ORACLE_HOME, WL_HOME and JAVA_HOME.

The createKeystore command creates an OVD Keystore password. You have to type a value for the OVD Keystore password.

Before completing this task, you must configure the custom property, called virtualize, and set the property’s value to true.

  1. Set up the keystore by running libovdconfig.bat on Windows, using the -createKeystore option.
  2. Type the command to look similar to the following: 
    libovdconfig.bat -createKeystore -host <hostname> -port <Admin_Server_Port> -domainPath <OracleHome>/user_projects/domains/bi -userName <BI Admin User>
  3. At the prompt, type the Oracle Analytics Server administrator user name and password.
  4. Type a password for the OVD Keystore password to secure a Keystore file.
  5. Export the root and any intermediate certificates from the LDAP directory.
  6. Use the following keytool command to import the root and any intermediate certificates into the libOVD keystore: 
    <OracleHome>/jdk/jre/bin/keytool -import -keystore <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default/adapters.jks -storepass <KeyStore password> -alias <alias of your choice> -file <Certificate filename>
  7. Restart WebLogic Server and Oracle Analytics Server processes.

You should see two new credentials in the Credential Store and a new Keystore file, called adapters.jks in the following location, <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default.