Forum Stats

  • 3,826,852 Users
  • 2,260,713 Discussions
  • 7,897,101 Comments

Discussions

TLS 1.2 with EPM 11.1.2.4

SomRanjan
SomRanjan Member Posts: 40 Red Ribbon
edited Dec 1, 2021 8:26AM in EPM System Infrastructure

Dear All,

Please advise on the below.

There is a requirement to enable TLS 1.2 in our Hyperion instance(11.1.2.4 on prem).

SERVER1:Planning(EPMA),FDMEE,HFR,Foundation

SERVER2:Essbase

OHS-11.1.1.7

OS: Windows Server 2012 R2

There is no load balancer. If TLS 1.2 is going to be implemented then the OHS setup needs to be done on only server-1 or in server2 also.

Does the certificate need to be imported in OWM and KEYTOOL?

What will be the compatible Java version?

I already went through 2179810.1 but confused with the implementation steps.


Hence need some suggestions to proceed.



TYIA

Tagged:

Answers

  • User_47EDD
    User_47EDD Member Posts: 6 Green Ribbon

    First things first...

    TLS 1.2 is not compatible with PHS 11.1.1.7, you'll only be able to go to TLS 1.0

    The Doc ID 2179810.1 shares a workaround for that but gives little to no explanation, basically you will need to install another OHS in your setup (version 11.1.1.9 which does support TLS 1.2) and then reverse proxy that OHS with SSL offload into your unencrypted OHS 11.1.1.7.

    Is not a crazy amount of work, but it can be tricky if never done it.

    If your 11.1.2.4 is running fine you will just need to install OHS 11.1.1.9 into another directory (this is important) and then using the config files you can configure a reverse proxy for your OHS 11.1.1.7, similar to when you redirect other apps within the same EPM OHS, like OBIEE or DRM.


    Hopes this helps


    Cheers

    Pablo