Oracle Analytics and AI

Enabling Internal SSL in OAS using custom CA signed certificates

For compliance reasons I am planning to enable internal SSL in our OAS instance. If I understand correctly calling the ssl.sh will create certificates for components with an internal CA. Is there are way to configure the instance to use CA signed certificates that have been created and signed externally?

Find more posts tagged with

SSL

OAS

Accepted answers

SteveF-Oracle

Hi @david_mcaffee,

Thanks for being a part of the Oracle Analytics community and posting your question!

The official documentation Enable Internal SSL, nor the script help (ssl.sh|.cmd -help) describes the steps to use an externally signed certificates for the internal component communication encryption. There are some advanced options for the internal certification generation in [DOMAIN_HOME]/config/fmwconfig/biconfig/core/ssl/bi-ssl.xml

It is documented/supported for the external communication coming through the managed server to have externally signed certificates.

Having said that, you theoretically as an unsupported customization it may work do generate a CSR with keytool, have it signed by external CA, replace the self-signed certificates in the internal keystore (including root/intermediate certs), rebind the channels. I say unsupported because it is not tested or documented by Oracle Analytics, so you mileage may vary and unforeseen consequences and all that safe harbor verbage.

Typically for this use case, internalCA is adequate with changing default keystore passwords and network filters.

If you need more, then you will need to file an Idea Lab request (enhancement) for evaluation.

All comments

SteveF-Oracle

david_mcaffee

Thank you for your help

Bhaskar Konar

https://community.oracle.com/products/oracleanalytics/discussion/comment/70045#Comment_70045

Thank you so much, @SteveF-Oracle!

This information is incredibly helpful.