Go to main content
Configuring SSL in Oracle WebLogic Server
You can configure one-way and two-way SSL in Oracle WebLogic Server.
This section contains the following topics:
Configuring One-Way SSL in Oracle WebLogic Server
One-way SSL is required to properly secure the communication between Oracle Business Intelligence and Oracle WebLogic Server.
From the Oracle WebLogic Server Administration Console home page, click Servers under the Environment heading.
In the Servers table, select the name of the server you want to manage.
On the General tab in the Configuration tab, select SSL Listen Port Enabled.
Use the Administration Tool to update the appropriate connection pool object in the Physical layer to use https:// instead of http://.
Update the port number to use the SSL port number, 7002, by default.
Configuring Two-Way SSL in Oracle WebLogic Server
You can set up two-way SSL to secure the communication between the Oracle BI Server and Oracle WebLogic Server.
Perform queries against ADF using your
Oracle BI Server client of choice such as nqcmd. The Oracle BI Server should communicate with the ADF Oracle WebLogic Server using mutual SSL / client certificates.
Authentication Concepts in . Security Guide for Oracle Business Intelligence Enterprise Edition
Create client certificates in the Oracle BI Server, if they do not already exist.
Modify the ADF
Oracle WebLogic Server to accept SSL connections and to perform mutual SSL using the following steps in the Oracle WebLogic Server Administration Console.
Log in to the Oracle WebLogic Server Administration Console and click Servers under the Environment heading, then click the server name.
In the Change Center, click Lock & Edit to enable configuration changes.
In the General tab, select SSL Listen Port Enabled and record the SSL Listen Port number, and then, click Save.
Select the SSL tab, then select Advanced. For Two Way Client Cert Behavior, select Client Certs Requested and Enforced. Then, click Save.
Select the Keystores tab and record the Trust Keystore.
For example, if the Demo Trust keystore is used, record its location and file name.
Click Activate Changes.
Do the following to verify that the Certificate Authority (CA) for the
Oracle BI Server client certificate is trusted by the ADF Oracle WebLogic Server:
Oracle BI Server computer, find the CA file for the client certificate.
If you generated the file in the previous step, the
cacert.pem file is located in:
cert.pem file to a known location.
On the ADF
Oracle WebLogic Server computer, open a command window and go to the location of the trust keystore.
Your trust keystore might use a location similar to the following:
/scratch/ user_name/view_storage/ user_name_fmw/fmwtools/mw_home/wlserver_10.3/server/lib
Copy the client CA file, for example,
cacert.pem to the trust keystore location.
Use the following command in the JDK keytool utility to import the client CA into the trust keystore for the ADF server, making it a trusted CA:
keytool -import -file
keystore_file -keystorepass keystore_password
/scratch/my_name/view_storage/my_name_fmw/jdk6/bin/keytool -import -file
~/Downloads/SSL/cacert.pem -keystore DemoTrust.jks -keystorepass
Use the following steps to update the Physical layer of the Oracle BI repository:
In the Administration Tool, in the Physical layer, open the first ADF connection pool object and select the Miscellaneous tab.
Update the URL field to use the https protocol and the SSL port and then click OK.
Repeat the previous two steps for each additional ADF connection pool object.
Save the repository and restart the Oracle BI Server.
Oracle BI Server ODBC DSN to use SSL.
For example, on Windows do the following:
Open the ODBC Data Source Administrator and select the System DSN tab.
Double-click the DSN for the
Oracle BI Server.
The DSN should start with
Next, click Next again, and then click Finish.
Scripting on this page enhances content navigation, but does not change the content in any way.