Enable SSL Configuration in Oracle Business Intelligence(OBIEE 11G)

By default, Oracle Business Intelligence components communicate with each other
using TCP/IP. Configuring SSL between the Oracle Business Intelligence components
enables secured network communication

Steps listed will guide you for SSL Configuration between BI Components with your own created certificates.

Step 1: Configuring Oracle WebLogic Server:

cd  $MW_Home/user/projects/domains/bifoundation_domain/bin/startManagedWebLogic.sh
Add ->
set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.trustStore="C:/biee11g/wlserver_
10.3/server/lib/DemoTrust.jks" -Djavax.net.ssl.trustStorePassword=""

Step 2: Generate the SSL certificate:

Open System Mbean Browser.

Locate and expand the BIDomain node to display two BIDomain Mbeans. Then either hover your cursor over each Mbean or click Show MBean Information to display their full names:
oracle.biee.admin:type=BIDomain, group=Service
oracle.biee.admin:type=BIDomain, group=Config

Select Operations Tab -> lock -> Click Invoke.

locate the SSLCertificatesGenerated attribute and set to true.

Select the Operations tab in the above screen, then select generateSSLCertificates operation.

Provide values for the following parameters:
passphrase: Must be more than six characters. The SSL passphrase protects the various certificates and, most importantly, the private key. Remember this passphrase. For example, you need to use it to connect to a BI Server using command line tools that require the tool to verify the BI Server certificate.
webServerCACertificatePath: Enter the path for the Web server certificate.For Oracle WebLogic Server default demonstration certificate, enter /server/lib/CertGenCA.der. Supported types are .der. and .pem.

certificateEncoding: Supported types are .der. and .pem. For Oracle WebLogic Server default, enter der

Click Invoke once done.

Step3: Verify SSL certificates in credential store:

Open oracle.bi.enterprise credential map and verify the SSL credentials have been saved to the credential store. If successful, the following SSL credentials display in the oracle.bi.enterprise credential map:

Step 4: Enable the SSL configuration and restart Oracle Business Intelligence components:

verify Step 1 must be completed to proceed. From the System Mbean Browser, select the
BIDomain.BIInstanceSecurityConfiguration MBean. 

Step 5: Configure SSL communication for the mail server:
we must get the server certificate from the SMTP server  first then login to em and do the following:
Check Use SSL to connect to mail server. The other fields become active afterward.

Specify CA certificate source: select Directory or File.
I have placed the certificate that i got from the SMTP server in C:\BIEE11G\wlserver_10.3\server\lib so i have specified the directory and it worked for me.
CA certificate directory: Specify the directory containing CA certificates.
CA certificate file: Specify the file name for the CA certificate.
SSL certificate depth: Specify the verification level applied to the certificate
SSL cipher list: Specify the list of ciphers matching the cipher suite name that
the SMTP server supports. For example, RSA+RC4+SHA.

1 comment:

  1. Saleem, The blog seems to be useful than oracle documentation :). Please clarify the below

    1) "Step 5: Configure SSL communication for the mail server: " Can we configure the step 5 directly without Step 1-4 ?

    2) The certificate from SMTP server, is it a public certificate for the SMTP server?

    Thanks in Advance