Configure SSL when Using Multiple Authenticators

If you are configuring multiple authenticators, and have configured an additional LDAP Authenticator to communicate over SSL (one-way SSL only), you need to put the corresponding LDAP server's root certificate in an additional keystore used by the virtualization (libOVD) functionality.

Note:

If the LDAP server is using TLS/SSL and is using a certificate signed by an intermediate certificate authority, you need to import the intermediate and root CA certificates into the libOVD trust store.

In the following procedure you set the values for your environment variables: ORACLE_HOME, WL_HOME and JAVA_HOME.

The createKeystore command creates an OVD Keystore password. You have to type a value for the OVD Keystore password.

Before completing this task, you must configure the custom property, called virtualize, and set the property’s value to true.

Set up the keystore by running libovdconfig.bat on Windows, using the -createKeystore option.

Type the command to look similar to the following:

libovdconfig.bat -createKeystore -host <hostname> -port <Admin_Server_Port> -domainPath <OracleHome>/user_projects/domains/bi -userName <BI Admin User>

At the prompt, type the Oracle Analytics Server administrator user name and password.
Type a password for the OVD Keystore password to secure a Keystore file.
Export the root and any intermediate certificates from the LDAP directory.

Use the following keytool command to import the root and any intermediate certificates into the libOVD keystore:

<OracleHome>/jdk/jre/bin/keytool -import -keystore <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default/adapters.jks -storepass <KeyStore password> -alias <alias of your choice> -file <Certificate filename>

Restart WebLogic Server and Oracle Analytics Server processes.

You should see two new credentials in the Credential Store and a new Keystore file, called adapters.jks in the following location, <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default.