This discussion is archived
0 Replies Latest reply: Mar 20, 2013 6:19 PM by rnagaraj RSS

OBIEE 11g SSL Configuration Certtificate Validity is displaying only 3month

rnagaraj Newbie
Currently Being Moderated
Problem Summary
---------------------------------------------------
SSL Certificates validity is displaying for only 3 months in the browser.

Problem Description
---------------------------------------------------
Followed Doc ID 1326781.1

we have BI-Apps(7.9.6.3) installed with OBIEE 11.1.1.6.2 BP1. The user Authentication is done from the Microsoft AD(LDAP).

We configured the SSL for OBIEE as per Doc ID 1326781.1.

In the first part of this doc - "Step 1: Generate the required certificates and keystores for SSL communication"
we have generated the new keystore.
We have imported the certificated provided by the client - client have provided us with cert.p7b file , this had chained certofocates in it and we extracted all .cer files from it and imported in the new keystore created in above step.
performed remaining all the steps as per the doc mentioned.

Now concern here is - on the client machine where we are accessing the HTTPS URL for analytics application, the certificate shows validity only for three months.(however the cfts provided by client are valid for more than 2 yrs).

Certs received from Client are valid for at least more than 1 yr. but application console does not reflect the same


Impact of this problem : After 3 months we are not able to log into the application, as certificated expires.


Though there is certificate error in the browser, we are able to log into the application.

We followed below 2 approach in extracting and importing the certificate to key store, both are not working
Approach 1
1) Created a new keystore: (this is step where passed CN as prod_gtpm)

keytool -genkey -alias ObiProd -keyalg RSA -keysize 1024 -keypass ProdWelcome1 -keystore mykeystore.jks -storepass ProdWelcome1



2) Created the cert request and provided the .csr file to client

keytool -certreq -v -alias ObiProd -file server.csr -keypass ProdWelcome1 -storepass ProdWelcome1 -keystore mykeystore.jks

3 .pem SSL Creation Instructions
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file.
Creating a .pem with the Entire SSL Certificate Trust Chain

1.     Download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
2.     Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
1.     The Primary Certificate - your_domain_name.crt
2.     The Intermediate Certificate - DigiCertCA.crt
3.     The Root Certificate - TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Save the combined file as your_domain_name.pem. and imported the pem file in keystore.

Approach 2
1) Created a new keystore: (this is step where passed CN as prod_gtpm_obi)

keytool -genkey -alias ObiProd -keyalg RSA -keysize 1024 -keypass ProdWelcome1 -keystore mykeystore.jks -storepass ProdWelcome1



2) Created the cert request and provided the .csr file to client

keytool -certreq -v -alias ObiProd -file server.csr -keypass ProdWelcome1 -storepass ProdWelcome1 -keystore mykeystore.jks



3) Exported the 3 certs from the prod_gtpm_obi.p7b file provided by client and imported all three certs one-by-one into keystore:

keytool -import -file HTTPS_cert1.cer -alias ProdObiHttps1 -keystore mykeystore.jks -storepass ProdWelcome1

keytool -import -file HTTPS_cert2.cer -alias ProdObiHttps2 -keystore mykeystore.jks -storepass ProdWelcome1

keytool -import -file HTTPS_cert3.cer -alias ProdObiHttps3 -keystore mykeystore.jks -storepass ProdWelcome1

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points