5-6 Security Guide for Oracle Business Intelligence Enterprise Edition ■ oracle.biee.admin:type=BIDomain, group=Config 5. Select the BIDomain MBean having the full name oracle.biee.admin:type=BIDomain, group=Service from the MBean navigation tree.

6. Select the Operations tab, then Lock.

7. Click Invoke.

A confirmation displays to indicate that the configuration is locked. The next step is to generate the SSL certificates. For more information, see Section 5.4.2, Generating the SSL Certificates .

5.4.2 Generating the SSL Certificates

Internal SSL communication requires that server certificates, a server public key, and a private key be generated. Oracle Business Intelligence acts as a private CA certificate authority for internal communication only. The BIDomain.BIInstance.SecurityConfiguration MBean is used to generate the SSL certificates. To generate the SSL certificate: 1. Lock the configuration. For information, see Section 5.4.1, Locking the Configuration . 2. In Fusion Middleware Control target navigation pane, expand the farm, then expand WebLogic Domain, and select bifoundation_domain.

3. Display the WebLogic Domain menu, and select System MBean Browser.

The System MBean Browser page is displayed. Note: If you have existing certificates, best practice is to discard them and generate new certificates by following these steps. To use your existing certificates you must manually configure SSL. SSL Configuration in Oracle Business Intelligence 5-7 4. Expand the Application Defined MBeans node in the MBean navigation tree, then expand the oracle.biee.admin node, then expand the bifoundation_domain node. 5. Locate and expand the BIDomain.BIInstance.SecurityConfiguration node. The BIDomain.BIInstance.SecurityConfiguration MBean is displayed. 6. Select the BIDomain.BIInstance.SecurityConfiguration MBean. Configuration options for the MBean display in the right pane.

7. Select the Attributes tab, then locate the SSLCertificatesGenerated attribute. A

value of false indicates that SSL certificates have not been generated. If certificates have been previously generated, you can continue to replace them with new certificates.

8. Select the Operations tab, then select generateSSLCertificates operation.

The parameters for the generateSSLCertificates attribute for the BIDomain.BIInstance.SecurityConfiguration MBean displays. 9. Provide values for the following parameters: ■ passphrase : Must be more than six characters. The SSL passphrase protects the various certificates and, most importantly, the private key. Remember this passphrase. For example, you need to use it to connect to a BI Server using command line tools that require the tool to verify the BI Server certificate. ■ webServerCACertificatePath : Enter the path for the Certificate Authority CA root certificate for the CA used to sign the web servers certificate. Do not enter the individual web server certificate. Supported types are .der. and .pem. 5-8 Security Guide for Oracle Business Intelligence Enterprise Edition For Oracle WebLogic Server default demonstration certificate authority, enter MW_HOMEwlserver_10.3serverlibCertGenCA.der. ■ certificateEncoding : Supported types are .der. and .pem. For Oracle WebLogic Server default, enter der

10. Click Invoke.