Step 1: Navigate to your OC4J config directory, ussally found in ..:\OracleBI\oc4j_bi\j2ee\home\config. Add a new directory called: "backup_orignal". Copy the whole content of the config directory to the new directory. (better save then sorry......)
Step 2: Creating the SSLFILE (site certificate).
Open a command box and navigate to your OC4J config directory, ussally found at: ..:\OracleBI\oc4j_bi\j2ee\home\config. Enter
keytool -genkey -keyalg "RSA" -keystore sslfile -storepass MySecretPassword -validity 365
Next you will get a couple of questions on your name and organisation, the values entered here are used for "encrypting" the key.
On the last question just give RETURN, else if you do not enter the same password as the storepassword, you may get “”Cannot recover key” errors when deploying your website.
Step 3: Creating a new website config file
From the config directory copy and paste the file "default-web-site.xml" rename the copy to "secure-web-site.xml". Open the new file in a editor. In the {web-site} change the port number to "443" (or an other you like) add the sub tag: secure="true". Add the SSL-config tag: {ssl-config keystore="sslfile" keystore-password="MySecretPassword"/}
Step 4: Edit SERVER.XML
Open the file "SERVER.XML" in a editor and add reference to "secure-web-site.xml". Between the application-server tags add: {web-site path="./secure-web-site.xml" /}. Your file should look something like this:
save the file!
Step 5: an extra backup!
Add a new directory called: "backup_change_YYYYMMDDNNN" (fi:backup_change_20080723001. Copy the whole content of the config directory to the new directory. (Why?, if you not carefull during an upgrade you loose all your OC4J settings......)
Step 6: Restart OC4J
Stop and start your OC4J.
You can now run your OBIEE website from the default HTTPS adress.
Remember: All your users still have to import the certificate!
Of course you also have to alter the port number in the OBIEE config files:
...\OracleBI\oc4j_bi\j2ee\home\applications\bioffice\bioffice\WEB-INF\bioffice.xml
...\OracleBI\xmlp\XMLP\Admin\Configuration\xmlp-server-config.xml
...\OracleBIData\web\config\instanceconfig.xml
Till Next Time
This article is also published on: http://knowledge.ciber.nl/weblog/
9 comments:
Is this configration good for OC4J only. What if we are using IBM Websphere and analytics.war is deployed on it. Would like to introduced reports on internet and intranet. How do we do it?
@Anonymous,
I have no experience with IBM Websphere please share any knowledge you have.
regards
John
Hi John..
First of all Thanks for the Post on SSL.
But I have a concern over here.
I implemented it as per the given steps.
The only thing I want to know is How do I update the port in Start up link?
When I click on Presentation Services from Start menu, it is again pointing to earlier port number. and infact it is again taking http in the url rather than taking https and updated port. If I manually update the port number and https in the url, it works fine.
Can you pls help me out to fix this.
Hi Akash
Rigth click on the presentations menu and edit the properties
I already tried that..it is not allowing me to change the properties.."cannot change the properties"
Might be administrator issue.
Thanks I am able to do it now..
Hi,
Thanks for the post. With keytool -genkey, we generate the key; what about generating the certificate and having it signed by a CA?
Please advise.
Thanks
Hey John, Thanks for this helpful post.
I tried this first attempt and failed. Just wondering, do we have to do any changes in NQSConfig.ini file?
There is a section which reads;
[ SECURITY ]
DEFAULT_PRIVILEGES = READ;
PROJECT_INACCESSIBLE_COLUMN_AS_NULL = NO;
MINIMUM_PASSWORD_LENGTH = 0;
#IGNORE_LDAP_PWD_EXPIRY_WARNING = NO; // default is no.
#SSL=NO;
#SSL_CERTIFICATE_FILE="servercert.pem";
#SSL_PRIVATE_KEY_FILE="serverkey.pem";
#SSL_PK_PASSPHRASE_FILE="serverpwd.txt";
#SSL_PK_PASSPHRASE_PROGRAM="sitepwd.exe";
#SSL_VERIFY_PEER=NO;
#SSL_CA_CERTIFICATE_DIR="CACertDIR";
#SSL_CA_CERTIFICATE_FILE="CACertFile";
#SSL_TRUSTED_PEER_DNS="";
#SSL_CERT_VERIFICATION_DEPTH=9;
#SSL_CIPHER_LIST="";
______________________
Cheers
Post a Comment