Use this topic to configure SSL for clients.
Clients accessing the BIEE components must be configured to use BIEE certificates.
Note:
First you must export the certificates by running the following command:
<DomainHome>/bitools/bin/ssl.sh exportclientcerts <exportDir>
This section explains how to configure SSL for clients, and contains the following topics:
Use these steps to create the passphrase for use when exporting client certificates.
The passphrase is used to protect the export certificates. You must remember this passphrase for use when configuring each client.
The command exports Java keystores for use by Java clients, and individual certificate files for use by non-Java clients. To make moving the certificates to a remote machine more convenient, the export also packages all the files into a single zip file.
When the BI Scheduler is enabled for communication over SSL, you can invoke the BI Scheduler using the SASchInvoke command-line utility.
To successfully connect to BI Scheduler that has been enabled for SSL, Oracle BI Job Manager must also be configured to communicate over SSL.
Oracle BI Job Manager is a Java-based component and the keys and certificates that it uses must be stored in a Java keystore database. See Exporting Client Certificates.
From the File menu, select Oracle BI Job Manager, then select Open Scheduler Connection.
In the Secure Socket Layer section of the dialog box, select the SSL check box.
If the server setting “verify client certificates” is false (one way SSL) then you can leave Key Store and Key Store Password blank. This is the default setting.
If the server setting “verify client certificates” is true (two way SSL) then you must set Key Store and Key Store Password as follows:
Key Store = <exportclientcerts_directory>\identity.jks
Key Store Password = passphrase.
To provide a secure link, you should select the Verify Server Certificate option. Without verification the connection still works, but a person-in-the-middle attack that impersonates the server is not detected.
Select the Verify Server Certificate check box. When this is checked, the trust store file must be specified. This trust store contains the CA that verifies the Scheduler server certificate.
In the Trust Store text box, set the trust store to:
<exportclientcerts_directory>\internaltrust.jks
Set the Trust Store Password to the passphrase.
For the online Catalog Manager to connect to Oracle BI Presentation Services, you might need to import the SSL server certificate or CA certificate.
The online Catalog Manager might fail to connect to Oracle BI Presentation Services when the HTTP web server for Oracle Business Intelligence is enabled for SSL. You must import the SSL server certificate or CA certificate from the web server into the Java Keystore of the JVM that is specified by the system JAVA_HOME variable.
The default password for the Java trust store is changeit.
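One way to carry out the import described above, as an added example that is not part of the Oracle documentation. The certificate file name and alias are constructed placeholders, and the script assumes the trust store is the JVM's `cacerts` file under JAVA_HOME and that `keytool` from the same JVM is used.

```shell
#!/bin/sh
# Added example (not Oracle's code): import the web server CA certificate
# into the default trust store of the JVM that JAVA_HOME points to.

# Print the default trust store path under the given Java home.
# JDK 9+ and standalone JREs use lib/security; a JDK 8 home uses jre/lib/security.
find_cacerts() {
    for rel in lib/security/cacerts jre/lib/security/cacerts; do
        if [ -f "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            return 0
        fi
    done
    return 1
}

# import_ca <cert-file> <alias> [store-password]
# The alias is any label you choose; the password defaults to changeit.
import_ca() {
    cert=$1; name=$2; pass=${3:-changeit}
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -n "${JAVA_HOME:-}" ] || { echo "JAVA_HOME is not set" >&2; return 3; }
    store=$(find_cacerts "$JAVA_HOME") || {
        echo "no cacerts file under $JAVA_HOME" >&2; return 3; }
    keytool="$JAVA_HOME/bin/keytool"

    # Nothing to do if the alias is already in the trust store.
    if "$keytool" -list -keystore "$store" -storepass "$pass" \
            -alias "$name" >/dev/null 2>&1; then
        echo "alias '$name' already present in $store"
        return 0
    fi

    # Show owner, issuer and fingerprints so they can be compared with the
    # values obtained from the web server administrator before trusting.
    "$keytool" -printcert -file "$cert" || return 4

    # No -noprompt: keytool asks for confirmation before adding the entry.
    "$keytool" -importcert -alias "$name" -file "$cert" \
        -keystore "$store" -storepass "$pass"
}

# Example call (constructed names): sh import_ca.sh webserver-ca.pem obiee-web-ca
if [ "$#" -ge 2 ]; then
    import_ca "$@"
fi
```

The `cacerts` file is normally writable only by an administrator, so run the import with sufficient privileges on the machine where Catalog Manager runs.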
To successfully connect to an Oracle BI Server configured to use SSL, you must also configure the Oracle BI Administration Tool to communicate over SSL.
The data source name (DSN) for the BI Server data source is required.
You can create an ODBC DSN for the BI Server to enable remote client access.
To enable SSL communication for an ODBC DSN, see Integrating Other Clients with Oracle Business Intelligence in Integrator's Guide for Oracle Business Intelligence Enterprise Edition.
You can configure Oracle BI Publisher to communicate securely over the internet using SSL.
See Configuring BI Publisher for Secure Socket Layer (SSL) Communication in the Administrator's Guide for Oracle Business Intelligence Publisher.
If BI Publisher does not work after configuring SSL, you might need to reconfigure the HTTPS protocol and SSL port. See Configuring Integration with Oracle BI Presentation Services in Administrator's Guide for Oracle Business Intelligence Publisher.