My Oracle Support Banner

EM 13c, 12c: How to Configure Enterprise Manager's BI Publisher (BIP) for Secure Socket Layer Certificates (Doc ID 2808950.1)

Last updated on SEPTEMBER 23, 2021

Applies to:

Enterprise Manager Base Platform - Version to [Release 12.1 to 13c]
Information in this document applies to any platform.


BI Publisher (BIP) in EM is secured out-of-box with :
- default WLS demo certificates for BIP Managed Server Port 
- default EM Console self-signed certificates for BIP OHS port

Securing BI Publisher with a Secure Socket Layer (SSL) Certificate requires to secure both WLS (for BIP Managed Server Port) and EM Console Access (for BIP OHS port)

The BI Publisher is a WLS Managed Server. 
WebLogic Server is configured with a default identity keystore (DemoIdentity.jks) and a default trust keystore (DemoTrust.jks).
In addition, WebLogic Server trusts the CA certificates in the JDK cacerts file.

EM 12c uses 10.3.6 WLS and the demo certificates have 512 bit keystrength and is signed with MD5withRSA signature algorithm
EM 13c uses 12.1.3 WLS and the demo certificates have 2048 bit keystrength and is signed with SHA256withRSA signature algorithm

This document provides steps to check the certificates used with BI Publisher in EM and how to change these certificates if needed.


This document presents the complete set of actions required to establish valid wallet and java keystore functions in securing Enterprise Manager communications.
See the following document for information about wallet and keystore definitions, when each are used, etc., in the BI Publisher deployment environment:

<Note 1218603.1> Understanding Wallets and Keystores in Fusion Middleware 11g/12c

BI Publisher in an EM Setup can be secured using either wallets or keystores by executing 'emctl secure wls [arguments]' command for BIP Managed Server Port
It is not required to use both wallets and keystores together


Secure the EM Cloud Control Console Access by executing 'emctl secure console [arguments]' command for BIP OHS port

Note: port numbers used in this document are for example only



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 A. How to determine the certificates used by BI PUBLISHER
 B. How to create a wallet for WLS and import third-party certificates into the wallet
 C. How to secure / renew EM WLS and EM Console Access with third-party certificates stored in a wallet
 D. How to create a Java Keystore for WLS and import third party certificates into the keystore
 E. How to secure / renew EM WLS with third-party certificates stored in keystore
 F. How to rollback BI PUBLISHER (EM WLS and EM Console Access) to default demo certificates (Also required when existing certificates are expired)

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.