Home | Ciber
Knowledge page of Ciber Netherlands

OBIEE running it as a HTTPS / SSL service

We where recently asked how to run OBIEE as a HTTPS / SSL service. The customer wanted this because of in house security policy. Here is how we did it:

Step 1: Navigate to your OC4J config directory, ussally found in ..:\OracleBI\oc4j_bi\j2ee\home\config.  Add a new directory called: "backup_orignal". Copy the whole content of the config directory to the new directory. (better save then sorry……)

Step 2: Creating the SSLFILE (site certificate).

Open a command box and navigate to your OC4J config directory, ussally found at: ..:\OracleBI\oc4j_bi\j2ee\home\config. Enter

 

keytool -genkey -keyalg "RSA" -keystore sslfile -storepass MySecretPassword -validity 365

Next you will get a couple of questions on your name and organisation, the values entered here are used for "encrypting" the key.

OBIEE_OC4J_004

On the last question just give RETURN, else if you do not enter the same password as the storepassword, you may get “”Cannot recover key” errors when deploying your website.

Step 3: Creating a new website config file

From the config directory copy and paste the file "default-web-site.xml" rename the copy to "secure-web-site.xml". Open the new file in a editor. In the {web-site} change the port number to "443" (or an other you like) add the sub tag: secure="true". Add the SSL-config tag: {ssl-config keystore="sslfile" keystore-password="MySecretPassword"/}

OBIEE_OC4J_005

Step 4: Edit SERVER.XML

Open the file "SERVER.XML" in a editor and add reference to "secure-web-site.xml". Between the application-server tags add: {web-site path="./secure-web-site.xml" /}. Your file should look something like this:

OBIEE_OC4J_006

save the file!

Step 5:  an extra backup!

Add a new directory called: "backup_change_YYYYMMDDNNN" (fi:backup_change_20080723001. Copy the whole content of the config directory to the new directory. (Why?, if you not carefull during an upgrade you loose all your OC4J settings……)

Step 6: Restart OC4J

Stop and start your OC4J.

You can now run your OBIEE website from the default HTTPS adress.

Remeber: All your users still have to import the certificate!

Of course you also have to alter the port number in the OBIEE config files:

…\OracleBI\oc4j_bi\j2ee\home\applications\bioffice\bioffice\WEB-INF\bioffice.xml

…\OracleBI\xmlp\XMLP\Admin\Configuration\xmlp-server-config.xml

…\OracleBIData\web\config\instanceconfig.xml

Till Next Time

John Minkjan is a senior BI-consultant at Ciber in the Netherlands, the text of this article is also published on his personal blog http://obiee101.blogspot.com/

No comments yet. Be the first.

Leave a reply