Export Trust and Identity for Clients

You can provide the keys and certificates required to allow Oracle Analytics Server clients, for example, Model Administration Tool, to connect to SSL-enabled servers.

Assumptions:

  • You run commands from the primary host.

  • You can complete this operation online and offline.

Prerequisites

  • Certificates are created using either the configuration assistant or by running the ./ssl.sh regenerate command.

  • SSL on WebLogic is enabled.

    See Configure WebLogic SSL.

  • You can perform this task with the system stopped or running.

Use the following command to export client identity and trust to mydir:

./ssl.sh exportclientcerts mydir

Certificates and the zip file are generated.

Post conditions:

  • mydir contains the clientcerts.zip file.

  • mydir also contains the expanded content of the zip file for immediate use:

    • clientcert.pem

    • clientkey.pem

    • identity.jks

    • internaltrust.jks

    • internaltrust/internalca.pem

    • internaltrust/<hashed form of above>

  • Java clients can successfully connect with the secure option "verify server certificate" set, using identity.jks to define their identity and internaltrust.jks for their trust.

  • OpenSSL clients such as the Model Administration Tool can successfully connect with the secure option "verify peer" set, using clientcert.pem and clientkey.pem to define their identity and internalca.pem as the trust file.
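
The post conditions above can be checked before the export is handed to a client. The script below is an added example, not part of ssl.sh or the product: it confirms that the listed files exist, that the files carrying the client private key are not accessible to group or other, and that the key, certificate and hashed CA file are consistent. The `<subject-hash>.0` file name, the `CLIENT_KEY_PASS` variable and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not part of ssl.sh. File names are from the post conditions.
EXPECTED="clientcerts.zip clientcert.pem clientkey.pem identity.jks
internaltrust.jks internaltrust/internalca.pem"
# Files that carry the client private key: clientcerts.zip expands to
# clientkey.pem, and identity.jks is the Java identity store.
SECRET="clientcerts.zip clientkey.pem identity.jks"

# Group/other permission bits of a file, "------" for mode 600.
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# 0 when every expected file is present and non-empty and the private-key
# files are accessible to the owner only; prints each problem found.
check_export_layout() {
    dir=$1 rc=0
    for f in $EXPECTED; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f"; rc=1; }
    done
    for f in $SECRET; do
        [ -e "$dir/$f" ] || continue
        [ "$(group_other_bits "$dir/$f")" = "------" ] ||
            { echo "accessible beyond owner: $f"; rc=1; }
    done
    return $rc
}

# 0 when clientcert.pem and clientkey.pem form one key pair and the hashed
# CA file matches internalca.pem. Needs the openssl CLI. Assumptions: the
# hashed file follows OpenSSL's <subject-hash>.0 naming, and an encrypted
# key takes its passphrase from CLIENT_KEY_PASS (hypothetical variable).
check_export_crypto() {
    dir=$1
    cert_pub=$(openssl x509 -in "$dir/clientcert.pem" -noout -pubkey) || return 1
    key_pub=$(CLIENT_KEY_PASS=${CLIENT_KEY_PASS:-} openssl pkey \
        -in "$dir/clientkey.pem" -passin env:CLIENT_KEY_PASS -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    ca_hash=$(openssl x509 -in "$dir/internaltrust/internalca.pem" -noout -hash) || return 1
    [ -e "$dir/internaltrust/$ca_hash.0" ] || { echo "no hashed CA file $ca_hash.0"; return 1; }
}

# Usage (hypothetical script name): sh check_export.sh mydir
if [ -n "${1:-}" ]; then
    check_export_layout "$1" && check_export_crypto "$1"
fi
```

Tighten permissions on mydir (or move the files) before copying them to a client, and transfer clientcerts.zip only over a channel that protects the private key.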