OBIEE 11g LDAP with HTTPS – SSL Setup

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with SSL protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.

The purpose of the thread is to establish the connection between web via OBIEE11g front-end and the weblogic app server using  HTTPS protocol . The first part of the below thread describes it. The second part of the thread describes how to enable the communication between the OBIEE components,Weblogic Admin and Managed servers via secure SSL protocol. This will ensure the communication using the SSL Certificates.

In my case it is presumed that OBIEE11g Repository already configured with LDAP server based authentication.

Part One – Configuration under Weblogic Admin

Rest of the settings described as below:

1) Login to Weblogic Administration Console .

2) Click on Environments -) Servers -) AdminServer (admin) -) General tab

3) Click Lock and Edit from the left pane.

4) Check the ‘SSL Listen Port Enabled’ as 7002 (this is not default SSL port enabled for all browsers , So please check yours ad modify based on that)

This will ensure that you will be able to access the URL using 7002 port using https://

5) Check also ‘Listen Port Enabled’ if you also want to access BI URL using http://

6) Save the configuration

7) Activate the changes from left pane

8 ) Change the StartStopServices.cmd file from : “<MiddleWare Home>\instances\instance1\bifoundation\OracleBIApplication\coreapplication” as below for below parameters only:

set BI_URL=

set wls.mgd.port=7002

9) Restart the Weblogic Servers(Admin/Managed) and BI Servers components

10) Accept the exception in browser when it prompts for it and continue accessing BI URL in secure HTTPS protocol

(Note that once this has been made as https:// you have to access OFWM EM Control page and Weblogic Console page also in https:// going forward)

Part Two – Configuration under OFMW Enterprise Manager

1) Navigate to “<OFMW Home>\user_projects\domains\bifoundation_domain\bin” and take backup of startManagedWebLogic.cmd

2) Edit and locate section with below content::

set”<OFMW Home>\wlserver_10.3\server\lib\cacerts”

3) Replace the above with below:: (Kindly note that you have to change the OFMW Home path as applicable to your environment)

set JAVA_OPTIONS=”<OFMW Home>\wlserver_10.3\server\lib\DemoTrust.jks””

4) Restart all the services of Weblogic (Admin/Managed/opmnctl/Node Manager/Process Manager)

5) Now in the next step System MBean browser will be configured to enable SSL across all BI components

6) Login OFMW Control Enterprise Manager page

7) Invoke the Lock of BIDomain.

8 ) Now we have to Generates the certificates required as a prerequisite for enabling SSL, using the specified passphrase to protect both certificate stores and private keys.This enables internal https calls to the web server. The certificate type (pem or der) must be explicitly stated.

Hence navigate to oracle.biee.admin –> bifoundation_domain –> BIDomain.BIInstance.SecurityConfiguration and click on the BIDomain.BIInstance.SecurityConfiguration MBean.Click on the operation tab click on “generateSSLCertificates”.

9) Enter the details asked for: For my case I have included below:

Passphrase  : dxp12345

webServerCACertificatePath : \wlserver_10.3\server\lib\CertGenCA.der

certificateEncoding is: der

10) Now click on Invoke

11) Return to the path specified in step 7 and click on simpleCommit.

12) Now click on attributes tab of the step 8 and click on ‘SSLEnabled’ .Change the value to True from False and click on Apply.

13) Repeat step 7 to lock and perform step 11 for simpleCommit.

14) Repeat Step 4

15) Return to Step 8 and click on “runSSLReport” ,Invoke it and find the output as below to ensure correct SSL communication across all BI components:

That’s All for today …. See you next time … 🙂 stay tuned !

%d bloggers like this: