Enable SSL Without Internal Oracle Analytics Server SSL

To support SSL on the external ports without using SSL internally you must decouple the internal communications by creating internal channels. Use the steps in this task to create the internal channels configured to use HTTP.

Oracle Analytics Server has system components that need to communicate with Java components running inside WebLogic managed servers, for example at login an Oracle BI Server process calls the BI security service. In a default configuration template configured system, the communication links use the external WebLogic ports. You can configure Oracle WebLogic Server to use HTTPS for its external ports.

If you configure WebLogic to use HTTPS for external ports, the internal components attempt to connect to the HTTPS port without the necessary trust setup. To avoid this problem, you need to configure private channels. These private channels are independent of the external WebLogic ports, with their own ports and their own protocol configuration.

Assumptions:

• Run commands from the primary host.
• Perform this task as an offline operation.

• Do one of the following:

  • Option A, run the following commands:

    <domain_home>/bitools/bin/ssl.sh regenerate <days>

    Regenerate the certificates to allow the subsequent channel commands to work. The certificates aren't used unless you subsequently change your mind and enable internal SSL.

    <domain_home>/bitools/bin/ssl.sh targetapps bi_cluster

    For each new server run the following using an unused port:

    ./ssl.sh channel <new_bi_server> <port>

    ./ssl.sh internalssl false

  • Option B, repeat running the following command using the internalssl error checking to prompt you to resolve issues.

    ./ssl.sh internalssl false

    Run the other commands as indicated in the internalssl command's error messages.