It covers the following topics:
BI Publisher supports digital signatures on PDF output documents.
Digital signatures enable you to verify the authenticity of the documents you send and receive. Oracle BI Publisher can access your digital ID file from a central, secure location and at runtime sign the PDF output with the digital ID. The digital signature verifies the signer's identity and ensures that the document has not been altered after it was signed.
For additional information, refer to the Verisign and Adobe websites.
Before you can implement digital signatures with Oracle BI Publisher output documents, be aware of the following:
A digital ID obtained from a public certificate authority or from a private/internal certificate authority (if for internal use only). You must copy the digital ID file to a secure location of the file system on the server that is accessible by the BI Publisher server.
Use of digital signatures with Oracle BI Publisher output documents has the following limitations:
Only a single digital ID can be registered with BI Publisher.
Only reports submitted through BI Publisher's Schedule Report Job interface can include the digital signature.
The digital signature is enabled at the report level; therefore, multiple templates assigned to the same report share the digital signature properties.
You can obtain a digital certificate either by purchasing one or by using the self-sign method.
Purchase one from a certificate authority, such as Verisign, and save it to your computer. This method is recommended because it is easier to verify (and therefore trust) the authenticity of the certificate that you purchase. Next, use Microsoft Internet Explorer 7 or later to create a PFX file based on the certificate you purchased. See Creating PFX Files.
Create a self-signed certificate using a software program, such as Adobe Acrobat, Adobe Reader, OpenSSL, or OSDT. This method is less preferred because anyone can create a self-signed certificate. Therefore, it is more difficult to verify and trust the authenticity of the certificate.
Typically, when you create a self-signed certificate using a software program, the program saves the certificate as part of a PFX file. If this is the case, you do not need to create another PFX file (as described in Creating PFX Files).
To create a self-signed certificate using Adobe Reader:
Open Adobe Reader.
From the Document menu, click Security Settings.
Select Digital IDs on the left.
On the toolbar, click Add ID.
Follow the steps in the Add Digital ID wizard. For assistance, refer to the documentation provided with Adobe Reader.
When prompted, save your self-signed certificate as part of a PFX file to an accessible location on your computer.
After you create your self-signed certificate as part of a PFX file, you can use the PFX file to sign PDF documents by registering it with BI Publisher. See Implementing a Digital Signature.
If you obtained a digital certificate from a certificate authority, you can create a PFX file using that certificate and Microsoft Internet Explorer 7 or later.
Note:
If you created a self-signed certificate using a software program such as Adobe Reader, it is likely that the program created the certificate in a PFX file. If this is the case, you don't have to create another PFX file. You can use the one you have.
To create a PFX file with Microsoft Windows Explorer 7 or later:
After you create your PFX file, you can use it to sign PDF documents.
You can set up and sign your output PDF documents with a digital signature.
To implement a digital signature:
BI Publisher supports the identification of a single digital ID file.
To register a digital ID in the BI Publisher Administration page:
You must specify the location for the digital signature to appear in the completed document. The methods available depend on whether the template type is PDF or RTF.
If the template is PDF, use one of the following options:
Specifying a Template Field in a PDF Template for the Digital Signature
Specifying the Location for the Digital Signature in the Report Properties
If the template is RTF, use the following option:
Include a field in the PDF template for digital signatures.
See Adding or Designating a Field for a Digital Signature in Report Designer's Guide for Oracle Business Intelligence Publisher for instructions on including a field in the PDF template for the digital signature.
When you specify a location in the document to place the digital signature, you can either specify a general location (Top Left, Top Center, or Top Right) or you can specify x and y coordinates in the document.
You can also specify the field height and width. This is done through properties on the Runtime Configuration page. Therefore you do not need to alter the template to include a digital signature.
To specify the location for the digital signature:
The figure below shows a report that is configured to place the digital signature at specific x and y coordinates in the document.
Users assigned a role with the digital signature privilege can attach the digital signature to their generated reports configured to include the digital signature. The digital signature can be inserted only on scheduled reports.
To sign reports with a digital signature: