Configuring SSL Connections to External Systems

Use these links to see topics about configuring SSL connections to external systems:

• Configuring SSL for the SMTP Server Using Fusion Middleware Control

• Configuring SSL when Using Multiple Authenticators

Configuring SSL for the SMTP Server Using Fusion Middleware Control

You must obtain the SMTP server certificate to complete this task.

1. Login to Fusion Middleware Control.
2. Go to the Business Intelligence Overview page.
3. Display the Mail tab of the Deployment page.

   Click the Help button on the page to access the page-level help for its elements.

4. Lock the configuring by clicking Lock and Edit Configuration.
5. Complete the fields under Secure Socket Layer (SSL) as follows:

   • Connection Security: Select an option, other fields may become active afterward.

   • Specify CA certificate source: Select Directory or File.

   • CA certificate directory: Specify the directory containing CA certificates.

   • CA certificate file: Specify the file name for the CA certificate.

   • SSL certificate verification depth: Specify the verification level applied to the certificate.

   • SSL cipher list: Specify the list of ciphers matching the cipher suite name that the SMTP server supports, for example, RSA+RC4+SHA.

6. Click Apply, then Activate Changes.

Configuring SSL when Using Multiple Authenticators

If you are configuring multiple authenticators, and have configured an additional LDAP Authenticator to communicate over SSL (one-way SSL only), you need to put the corresponding LDAP server's root certificate in an additional keystore used by the virtualization (libOVD) functionality.

Note:

Before completing this task, you must configure the custom property called virtualize (lower case), and set its value to true, see Configuring Identity Store Virtualization Using Fusion Middleware Control.

See Starting and Stopping Components in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

1. Create the keystore:

   1. Set environment variables ORACLE_HOME, WL_HOME and JAVA_HOME.

      For example (on UNIX):

      set ORACLE_HOME= orahome

      set WL_HOME=orahome/wlserver

      set JAVA_HOME=orahome/oracle_common/jdk

   2. Set up the keystore by running libovdconfig.sh (on UNIX), or libovdconfig.bat (on Windows), using -createKeystore option.

      For example, on UNIX, open a shell prompt and change the directory to <OracleHome>/oracle_common/bin. Then, run the following command (which prompts for the Oracle Business Intelligence administrator user name and password), for example:

      ./libovdconfig.sh -host <hostname> -port <Admin_Server_Port> -userName <BI Admin User> -domainPath <OracleHome>/user_projects/domains/bi -createKeystore
      

   3. When prompted, enter the Oracle Business Intelligence administrator password, and the OVD Keystore password, a new password that is used to secure a Keystore file, created by the libovdconfig.sh -createKeystore command.

      Once this command runs, you should see two new credentials in the Credential Store and a new Keystore file called adapters.jks under <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default.

2. Export the root certificate from the LDAP directory.

3. Import the root certificate to the libOVD keystore using the keytool command:

   <OracleHome>/jdk/jre/bin/keytool -import -keystore <OracleHome>/user_projects/domains/bi/config/fmwconfig/ovd/default/adapters.jks -storepass <KeyStore password> -alias <alias of your choice> -file <Certificate filename>
   

4. Restart WebLogic Server and Oracle Business Intelligence processes.