Hi @david_mcaffee,

Thanks for being a part of the Oracle Analytics community and posting your question!

The official documentation Enable Internal SSL, nor the script help (ssl.sh|.cmd -help) describes the steps to use an externally signed certificates for the internal component communication encryption. There are some advanced options for the internal certification generation in [DOMAIN_HOME]/config/fmwconfig/biconfig/core/ssl/bi-ssl.xml

It is documented/supported for the external communication coming through the managed server to have externally signed certificates.

Having said that, you theoretically as an unsupported customization it may work do generate a CSR with keytool, have it signed by external CA, replace the self-signed certificates in the internal keystore (including root/intermediate certs), rebind the channels. I say unsupported because it is not tested or documented by Oracle Analytics, so you mileage may vary and unforeseen consequences and all that safe harbor verbage.

Typically for this use case, internalCA is adequate with changing default keystore passwords and network filters.

If you need more, then you will need to file an Idea Lab request (enhancement) for evaluation.