Configuring SSL on OBIEE 12c cluster

Adam Wickes

Hi all,

I am having some trouble getting SSL configured on a 2-node horizontally scaled cluster.
I have followed a guide by clearpeaks (https://www.clearpeaks.com/configuring-ssl-obiee-12c/ ) and have had to work out a bit for myself given the guide is for a single node install only.

Steps Followed

I have created a new keystore on both nodes with individual certificates for each. I have also imported the same root and inter certificates on both. On the advice of another website, I have also imported each user certificate into the other node as trusted. So for example, I have imported the cert requested from node 2 into node 1 as trusted and vice versa. I have also added the root and inter certs to the java store in both jdk and jre (wasn't sure which one so i did both). I have edited nodemanager.properties on both nodes (even though nodemanager is only started on node 2) and disabled the non-ssl ports for the admin server and both managed servers. I have restarted both nodes and started the nodemanager on node 2. I have executed ssl.cmd internalssl true.

The Issue
All servers start successfully but the listen ports for each one is still the non-SSL ones in WL console.
When I try to connect via browser, I have to connect using https and the SSL port however it states that it is "not secure".

The Questions

There is many!!
I am yet to find any information about how to set up keystores when using multiple nodes.
Currently on each node, I'm create an individual cert with the host name of each server as the CN. So for example, node 1 has a CN of server1.domain and node 2 has a CN of server2.domain.
Is this the correct config or should I be setting one up as master and copying the certs from that node to the other.
Does node manager have to use SSL? What about all the other services? Job Manager, catalog manager, xmlpserver etc etc

Thanks all, i'm as lost as they come at the moment.
Adam