1. Managing Security for Oracle Analytics Server
  2. Configure SSL in Oracle Analytics Server
  3. Replace the Certificates

Replace the Certificates

Certificate replacement allows replacement of all certificates by new ones.

You may want to do this because:

  • The existing certificates have expired, or are about to expire.

    Both server certificates and CA (trust) certificates have defined life spans. Once they expire connections using those certificates do not work.

  • Your organization has a policy requiring a different certificate expiry from the default provided by the BI configuration assistant.

  • The security of the existing certificates and keys has been compromised.

Assumptions:

  • You run commands from the primary host.

  • This is an offline operation.

  1. Replace internal Oracle Analytics Server or client certificates.

    When you use the regenerate command, it invalidates existing client certificates so you must re-export them.

    ./ssl.sh regenerate
./ssl.sh exportclientcerts mydir
  2. Restart the domain using:
    ./start.sh
  3. Check WebLogic certificates and corresponding trust are correctly configured using:
    ./ssl.sh report

Post conditions

The domain now runs with SSL, and uses the new certificates. Servers will not connect to a WebLogic instance using the old trust.

You can run the ssl.sh expiry command to list the new certificates with the new expiry date.