August 7, 2017 12:29 pm
*** EV certificates will not work on this version of BI Publisher ***
We have an old installation of Oracle Business Intelligence 10.1.3.4 which somehow has not been kept up to date – this happens in businesses throughout the planet; the rule "If it works, don't touch it" applies to it.
So this server isn’t still running as HTTP, we needed to get it secured ASAP – 9 years late is better than never.
So how do you go about it?
For this you need to use the Keytool utility which comes with Java JDK / JRE on your server. See notes about this later on as this is a very outdated version of the Keytool utility.
Command to create a Java Keystore:
keytool -genkey -keyalg RSA -alias mykey -keystore mykeystore.jks
Enter a keystore password and remember it; I recommend that you use Password Safe to generate and remember the password.
Make a copy of your existing file default-web-site.xml and name it secure-web-site.xml. Edit the new file: add secure="true" to the end of the opening line and change the port (9704 is HTTP, while 9706 is the standard BI HTTPS port):
<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="9706" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" secure="true">
Now add the line:
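<ssl-config keystore="full_path_to_your_keystore.jks" keystore-password="your_keystore_password" />
Before the closing </web-site> tag. The keystore password sits in this file in clear text, so restrict who can read the file.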
Towards the bottom of your server.xml file add:
<web-site default="true" path="./secure-web-site.xml" />
Remove the line referencing ./default-web-site.xml; you no longer need HTTP access once you have HTTPS enabled. You'll need to do something which I didn't to have both HTTP and HTTPS URLs accessible; on a reboot the server will automatically delete the second
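A check that can be run over the two edited files before restarting the service, added here as an example and not part of the original post: it lints the contents of secure-web-site.xml and server.xml for the settings described above and catches typographic quotes picked up when XML is copied from a web page. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes picked up when pasting from a web page

def _parse(text):
    """Return (root, problems); root is None when the text cannot be used."""
    if any(c in text for c in CURLY):
        return None, ["typographic quotes found; retype them as plain double quotes"]
    try:
        return ET.fromstring(text), []
    except ET.ParseError as exc:
        return None, [f"not well-formed XML: {exc}"]

def check_site(site_xml, https_port="9706"):
    """Problems in the content of secure-web-site.xml."""
    root, problems = _parse(site_xml)
    if root is None:
        return problems
    if root.get("secure") != "true":
        problems.append('secure="true" missing on <web-site>')
    if root.get("port") != https_port:
        problems.append(f"port is {root.get('port')}, expected {https_port}")
    ssl = root.find("ssl-config")
    if ssl is None:
        problems.append("<ssl-config> missing inside <web-site>")
    else:
        problems += [f"<ssl-config> has no {a}"
                     for a in ("keystore", "keystore-password") if not ssl.get(a)]
    return problems

def check_server(server_xml):
    """Problems with the <web-site> entries in server.xml."""
    root, problems = _parse(server_xml)
    if root is None:
        return problems
    paths = [w.get("path", "") for w in root.iter("web-site")]
    if not any(p.endswith("secure-web-site.xml") for p in paths):
        problems.append("no <web-site> entry points at secure-web-site.xml")
    if any(p.endswith("default-web-site.xml") for p in paths):
        problems.append("default-web-site.xml still referenced, so plain HTTP stays enabled")
    return problems

# Constructed sample input (placeholder path and password, not from a real server).
GOOD_SITE = ('<web-site port="9706" secure="true"><ssl-config '
             'keystore="C:/placeholder/mykeystore.jks" keystore-password="placeholder"/></web-site>')
PASTED_SITE = '<web-site port="9706" secure=\u201dtrue\u201d></web-site>'
OLD_SERVER = '<application-server><web-site default="true" path="./default-web-site.xml"/></application-server>'

if __name__ == "__main__":
    print(check_site(GOOD_SITE) or "OK", check_site(PASTED_SITE), check_server(OLD_SERVER))
```

To check real files, read each one as text and pass the content to the matching function; an empty list means the settings described above are all present.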
Use ‘Windows Firewall’ and look for an existing Inbound rule for 9704, copy this rule and change the port number to 9706.
Save the changes and restart ‘Oracle BI EE OC4J‘ server in ‘Services’ to reflect the changes, that or reboot the server.
Browse to https://YourServer:9706/xmlpserver/ using the server's own web browser or your local machine. There could still be corporate firewalls in the way; these will not know about your new port 9706, so it will need to be enabled on them.
A quick test from a command prompt on your local machine to see whether the port is reachable is:
Telnet YourServer 9706
Go back to where you created your mykeystore.jks file and delete the mykey from within it:
keytool -delete -alias mykey -keystore mykeystore.jks
Now run the following steps to convert your certificate and import it into the keystore:
openssl pkcs12 -in yourCertificate.pfx -out yourCertificate.pem
openssl pkcs12 -export -in yourCertificate.pem -out yourCertificate.pkcs12
keytool -v -list -keystore mykeystore.jks
"C:\Program Files (x86)\Java\jre1.8.0_131\bin\keytool.exe" -v -importkeystore -srckeystore yourCertificate.pkcs12 -srcstoretype PKCS12 -destkeystore mykeystore.jks -deststoretype JKS
Restart ‘Oracle BI EE OC4J‘ server in ‘Services’ to reload the application with the new certificate or reboot the server.
You should now have a lovely secured server. If at first it doesn't show, check it in a browser that you haven't used yet or clear your cache.
Posted by Raymond Reid