1 Reply Latest reply on Oct 21, 2017 9:59 AM by Christian Berg

    OBIEE 10g SSL/HTTPS Certificate CA Import Question

    Ally

      Hi all,

       

      Edit: I have made progress - and now face a new error: err_ssl_version_or_cipher_mismatch. Due to extreme age of this software, I'm guessing OC4J doesn't support newer TLS. Any ideas?

       

      I have a legacy OBIEE 10g system that I need to start running in SSL. I understand how to update the oc4j server.xml and default-web-site.xml and all that, but I'm having issues with the keystore.

       

      My company have provided me with a CA signed certificate in .pfx format. Can I import this to the keystore directly for use?

       

      To me, it appears not. I exported a .cert from the provided file and loaded it into the keystore. When connecting to the server I now see a "broken SSL" message.

       

      The Oracle tutorial for this talks about using Keytool to create an unsigned cert in the keystore, and then creating a certificate request which is signed by the CA, then you import the signature which matches with the Cert in the Keystore. Do we need to do all that, or can the existing Signed Cert they've provided be used, somehow?

       

      Appreciate all comments and thoughts!

       

      A.

       

      Message was edited by: Ally

        • 1. Re: OBIEE 10g SSL/HTTPS Certificate CA Import Question
          Christian Berg

          Ally wrote:

           

          Edit: I have made progress - and now face a new error: err_ssl_version_or_cipher_mismatch. Due to extreme age of this software, I'm guessing OC4J doesn't support newer TLS. Any ideas?

           

          Yes. Upgrade. Seriously you're working with more 10 year old things there and trying to do for SSL/HTTPS is like trying to put out a forest fire by putting up a huge cover so you don't see it anymore.