Use this topic to configure SSL for clients.
Clients accessing the BIEE components must be configured to use BIEE certificates.
Note:
First you must export the certificates by running the following command:
<DomainHome>/bitools/bin/ssl.sh exportclientcerts <exportDir>
This section explains how to configure SSL for clients, and contains the following topics:
First you must export the client certificates.
To export the client certificates:
When the BI Scheduler is enabled for communication over SSL, you can invoke the BI Scheduler using the SASchInvoke command line utility .
To invoke the BI Scheduler when SSL-enabled using the SASchInvoke utility:
To successfully connect to BI Scheduler that has been enabled for SSL, Oracle BI Job Manager must also be configured to communicate over SSL.
Oracle BI Job Manager is a Java based component and the keys and certificates that it uses must be stored in a Java keystore database.
To configure Oracle BI Job Manager to communicate with the BI Scheduler server over SSL:
From the File menu, select Oracle BI Job Manager, then select Open Scheduler Connection.
In the Secure Socket Layer section of the dialog box, select the SSL check box.
If the server setting “verify client certificates” is false (one way SSL) then you can leave Key Store and Key Store Password blank. This is the default setting.
If the server setting “verify client certificates” is true (two way SSL) then you must set Key Store and Key Store Password as follows:
Key Store=<exportclientcerts_directory>\identity.jks
Key Store Password = passphrase entered in Exporting Client Certificates.
To provide a secure link you should tick the verify server certificate. Without verification the connection will still work, but a person in the middle attack which impersonates the server will not be detected.
Select the Verify Server Certificate check box. When this is checked, the trust store file must be specified. This trust store contains the CA that verifies the Scheduler server certificate.
In the Trust Store text box, set the trust store to:
<exportclientcerts_directory>\internaltrust.jks
Set the Trust Store Password to the passphrase entered in Exporting Client Certificates.
For the online Catalog Manager to connect you may need to import the SSL server certificate or CA certificate.
The online Catalog Manager might fail to connect to Oracle BI Presentation Services when the HTTP web server for Oracle Business Intelligence is enabled for SSL. You must import the SSL server certificate or CA certificate from the web server into the Java Keystore of the JVM that is specified by the system JAVA_HOME variable.
To enable the online Catalog Manager to connect:
To successfully connect to a BI Server that has been enabled for SSL, the Administration Tool must also be configured to communicate over SSL. The DSN for the BI Server data source is required.
To configure the Administration Tool to communicate over SSL:
You can create an ODBC DSN for the BI Server to enable remote client access.
For more information about how to enable SSL communication for an ODBC DSN, see Integrating Other Clients with Oracle Business Intelligence in Integrator's Guide for Oracle Business Intelligence Enterprise Edition.
You can configure Oracle BI Publisher to communicate securely over the internet using SSL.
For more information, see "Configuring BI Publisher for Secure Socket Layer (SSL) Communication" in the Administrator's Guide for Oracle Business Intelligence Publisher.
If BI Publisher does not work after configuring SSL, you might need to reconfigure the HTTPs protocol, and SSL Port. For more information, see "Configuring Integration with Oracle BI Presentation Services" in Administrator's Guide for Oracle Business Intelligence Publisher.