OBIEE 11g FAQ: Can Custom Certificates Be Configured For SSL Everywhere In OBIEE 11g System Components?
Last updated on FEBRUARY 06, 2018
Applies to:Business Intelligence Suite Enterprise Edition - Version 126.96.36.199.0 and later
Business Intelligence Server Enterprise Edition - Version 188.8.131.52.0 and later
Oracle Business Intelligence Enterprise Edition - Version N/A and later
Information in this document applies to any platform.
You are configuring SSL Everywhere for the internal communication between the OBIEE 11g System Components as documented in:
Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition, Chapter 5
5.5.5 About Oracle BI EE SSL Everywhere Generated Certificates
5.6 Advanced SSL Configuration Options
- Internal SSL communication requires that server certificates, a server public key, and a private key be generated. Oracle Business Intelligence acts as a private CA (certificate authority) for internal communication only.
- The certificates expire in one year.
- The default SSL configuration uses default cipher suite negotiation. You can configure the system to use a different cipher suite if your organization's security standards do not allow for the default choice. The default choice can be viewed in the output from the SSL status report.
- 5.2.2 Creating Certificates and Keys in Oracle Business Intelligence
Secure communication over SSL requires certificates signed by a certificate authority (CA). For internal communication, the SSL Everywhere feature creates both a private certificate authority and the certificates for you. The internal certificates cannot be used for the outward facing web server because user web browsers are not aware of the private certificate authority. The web server must therefore be provided with a web server certificate signed by an externally recognized certificate authority. The central SSL configuration must be given the external certificate authority's root certificate so that the Oracle Business Intelligence components can recognize the web server certificate.
You would like to know if it is possible to use other generated certificates with your corporate private certificate authority (i.e. - with openssl) instead of the internally generated certificates by the private certificate authority.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms