Installing and Configuring Oracle? Hyperion Enterprise Performance Management System 11.1.2 with SSL Enabled on All Layers
This tutorial covers installation and configuration of Oracle? Hyperion Enterprise Performance Management (EPM) System 11.1.2 with Secure Sockets Layer (SSL) enabled on all layers, with WebLogic 11gR1 and Oracle HTTP Server (OHS) 11gR1.
Time to Complete
Approximately 4 hours
This tutorial covers the following topics:
Installing EPM System
Configuring Foundation Services and Enabling SSL
Defining and Importing Certificates
Configuring OHS Web Server
Configuring WebLogic Applications with SSL
Installing Remaining Products
Click icon to hide all screenshots
Note: Alternatively, you can click an individual icon (or image) associated with each step to view (or hide) the screenshot associated with that step.
In this tutorial, you perform a full SSL EPM System 11.1.2 installation and configuration. You learn how to:
?Define and manage certificates for Oracle Wallet and JKS
?Configure OHS for SSL
?Configure WebLogic for SSL
?Configure EPM System for SSL
This tutorial uses the same principle as other SSL configurations (for example, SSL offloading and two-way SSL), that is separating internal and external communications flows with two URLs:
http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html for browser and Smart View client connections to the web server; and
http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html for server to server communications. Deployment architecture:
Back to Topic List Scenario
You are tasked with enabling SSL on a new EPM System installation. Your company is using its own certification authority to sign certificates, not relying on trusted third party root ca (root certificate
Your setup is composed of seven machines:
?OHS web server to proxy requests to web applications
?Two WebLogic servers to run Planning and other java applications
?Two Internet Information Services (IIS) servers to run Financial Management and other IIS application servers
?Oracle Database server
?External LDAP server
Back to Topic List Prerequisites
Before starting this tutorial, you should:
1. Download EPM System 11.1.2 assemblies from http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html, including WebLogic 11gR1
and OHS 11gR1
2. Define two DNS aliases - http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html and http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html pointing to your
Back to Topic List Installing EPM System
Follow the steps below to install EPM System:
At the bottom of the installer window, ensure the prerequisites are met, and click Next.
Enter the Middleware home, for example, d:\Oracle\Middleware , and click Next . 4.
Select New Installation > Choose components by tier , and click Next . 5. In the Web Application colomn, select Foundation Services Web Applications , and uncheck all other components.
Follow the wizard steps to complete the installation. Back to Topic List
Configuring Foundation Services and Enabling SSL
Configuring Foundation Services for SSL on WebLogic Server
1 . Import the root certification authority certificate for the database server for SSL JDBC into EPM Configurator keystore located in
%EPM_ORACLE_HOME%\common\JRE\Sun\1.6.0\bin\keytool.exe -import -alias myrootca
-keystore %EPM_ORACLE_HOME%\common\JRE\Sun\1.6.0\lib\security\cacerts -trustcacerts -file %EPM_ORACLE_HOME%\ssl\CA.crt -storepass changeit
Note: The default password is changeit .
2 . From the Start menu, select All Programs > Oracle EPM System > Foundation Services > EPM System Configurator.
The EPM System Configurator is launched.
Under Hyperion Foundation, select the following components:
Configure Oracle Configuration Manager
Deploy to Application Server
The "Set up Shared Services and Registry Database Connection associated with the instance home" dialog box is displayed.
4 . Click Advanced options, set up the SSL JDBC URL as specified in the following figure, and click OK.
5 . Select Create Windows Services for configured components and Use SSL for Web application server communications (Requires manual configuration).
Note: If you have an SSL SMTP server, select Use SSL to communicate with mail server.
The "Information of the WebLogic Domain to which the web applications are deployed" dialog box is
Select Define a new Domain to deploy the web applications and enter a password for the domain. .
Note: Make sure the password has at least eight alphanumeric characters and at least one number or special character.
The Application Server Deployment: Oracle WebLogic dialog box is displayed.
In the Advanced column, click Set up for each Ear/War component. The Advanced Setup dialog box is displayed.
1 0 . Define a new logical address http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html (internal load balancer host) for Workspace and Shared Services. Specify the internal load balancer SSL port 19443.
1 1 . Click OK.
The Oracle Configuration Manager Registration dialog box is displayed.
1 2 . Select the desired setting and click Next.
The "Set Shared Services admin user password" dialog box is displayed.
1 3 . Click Next.
The list of products and tasks to be configured is displayed.
1 4 . Click Next
to complete the configuration.
Click Finish . Configuring Web Server
On the OHS server, launch EPM System Configurator, and select Configure Web Server
The Configure Web Server dialog box is displayed.
Note: This step configures OHS using HTTP. SSL configuration is manual, after certificates are created.
The list of configuration tasks is displayed.
Click Next to complete the configuration.
Back to Topic List Defining and Importing Certificates
You need eight server certificates for this configuration:
?Two server certificates for OHS ( http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html and http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html). These two certificates are stored in the same Oracle Wallet.
?WebLogic servers 1 and 2 ( http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html and http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html). These certificates are stored in java keystores.
?IIS ( http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html and http://m.wendangku.net/doc/16632c4b4431b90d6c85c7d1.html). The certificates are stored in the windows