Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
2/28/10
2/26/10
Should I use SSL for Hyperion Installation?
I am going to install Hyperion products for a client. Should I enable the SSL option? If I enable SSL, the configuration is not successful; if I don't enable SSL, the configuration is successful. Should I do something before I enable SSL during installation? Is it very important to enable SSL? If I don't enable SSL, after installation and configuration, will remote people be able to see and log in to the workspace without error?
--------------------
SSL is secure-socket-layer. The EPM Security guide mentions the steps to enable this properly. It is not needed to have Hyperion function properly.
- It is required if the client wants all communications between the EPM system encrypted.
- It is a more complex configuration to set up SSL. Some companies use load balancers in front of EPM to encrypt all traffic.
John A. Booth
------------------------------------
If I don't enable SSL, after installation and configuration, will remote people be able to see and log in to the workspace without error?
------------------------------------
hi,
1. People can log in to the workspace even if you don't enable SSL. But the point is, it's a protocol which provides security for communication over the internet/network.
2. Recently we had done upon client interest; of course we ran into a few issues.
3. There are docs available for SSL configuration, one can find it here
file name : Oracle Hyperion Enterprise Performance Management System SSL Configuration Guide Release 11.1.1.3
URL : http://download.oracle.com/docs/cd/E12825_01/nav/portal_1.htm
Sandeep Reddy Enti
HCC
http://hyperionconsultancy.com/
SSL-enable Shared Services
1. Optional: If the CA root certificate you are using is not from a default trusted third-party CA, import the CA root certificate into the cacerts of the JVM. cacerts is in the /lib/security directory within the JRE install directory.
Ensure that you load the CA root certificate into all JREs used by EPM System (application server, EPM System applications, HTTP servers, LDAP servers, etc.). The typical location of the JVM:
- Oracle Application Server: ORACLE_AS_HOME/jdk/jre/lib/security
- WebLogic (you must import CA root certificate into both jRockit and SUN JVMs):
  - jRockit: BEA_HOME/jrockitversion_number/jre/lib/security/cacerts
  - SUN: BEA_HOME/jdkversion_number/jre/lib/security/cacerts
where version_number identifies the JRE version.
---------------------
To SSL-enable Shared Services on WebLogic:
1. Log on to WebLogic Administration Console.
2. Select Servers > Shared Services (admin).
3. From General, select SSL Listen Port Enabled.
4. Specify the port (for example, 28083) on which Shared Services listens for SSL communication.
5. From Keystore, set up the identity and trust keystore.
   If you are not using a root certificate from a trusted third-party CA, verify that your root CA certificate is loaded into the trust keystore and that the server certificate is loaded into your identity keystore.
6. From SSL, set up the key alias, certificate location, and pass phrase.
7. Optional: Click Advanced and set Hostname Verification value to None.
Obtaining and Using Certificates from a CA
Obtaining a certificate from a CA typically involves the following actions:
- Generating a certificate request and sending it to the CA for processing.
- Receiving the digitally signed certificate from the CA.
If the JRE is configured to use your own trusted keystore (and not the default trusted store cacerts), you must load the CA root certificate into your trusted keystore and not into the default trusted store cacerts. To determine whether your JRE is using your own trusted keystore, ensure that the javax.net.ssl.trustStore Java start parameter points to the trusted keystore; for example, -Djavax.net.ssl.trustStore=Absolute_path_to_Trusted_keystore
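The two truststore rules above (load the CA root into the cacerts of every JRE, unless javax.net.ssl.trustStore points to your own keystore) as a shell script. This is an added example, not part of the Oracle guide: the alias, file names, JVM arguments and the STOREPASS variable are assumptions, changeit is the stock cacerts password, and the jssecacerts fallback is standard JSSE behaviour that the page does not mention.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Alias, file names and STOREPASS are placeholders.

# Print the truststore a JVM will read, given its start parameters and JRE home.
# JSSE lookup order: -Djavax.net.ssl.trustStore, then lib/security/jssecacerts,
# then lib/security/cacerts. Limitation: paths containing spaces are not handled.
effective_truststore() {
  jvm_args=$1; jre_home=$2; custom=
  for arg in $jvm_args; do
    case $arg in
      # The last occurrence wins, as it does for repeated -D options.
      -Djavax.net.ssl.trustStore=*) custom=${arg#-Djavax.net.ssl.trustStore=} ;;
    esac
  done
  if [ -n "$custom" ]; then
    printf '%s\n' "$custom"
  elif [ -f "$jre_home/lib/security/jssecacerts" ]; then
    printf '%s\n' "$jre_home/lib/security/jssecacerts"
  else
    printf '%s\n' "$jre_home/lib/security/cacerts"
  fi
}

# Import the CA root into one truststore unless the alias is already there.
import_ca_root() {
  store=$1; ca_alias=$2; ca_file=$3; pass=$4
  if keytool -list -keystore "$store" -storepass "$pass" -alias "$ca_alias" >/dev/null 2>&1; then
    echo "already trusted: $ca_alias in $store"
    return 0
  fi
  keytool -importcert -trustcacerts -noprompt -alias "$ca_alias" -file "$ca_file" \
    -keystore "$store" -storepass "$pass" && echo "imported: $ca_alias into $store"
}

# Usage: sh import-ca.sh CA_FILE ALIAS "JVM_ARGS" JRE_HOME [JRE_HOME ...]
# Pass one JRE_HOME per JVM used by EPM System (both jRockit and SUN on WebLogic).
if [ "$#" -ge 4 ]; then
  ca_file=$1; ca_alias=$2; jvm_args=$3; shift 3
  for jre in "$@"; do
    ts=$(effective_truststore "$jvm_args" "$jre")
    import_ca_root "$ts" "$ca_alias" "$ca_file" "${STOREPASS:-changeit}" || exit 1
  done
fi
```

Running it a second time reports each store as already trusted, which makes it usable as a check after a JRE upgrade replaces cacerts.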
SSL - Hyperion Installation
You have determined the deployment topology and identified the communication links that are to be secured using SSL. Note that if you SSL-enable the Web server, you must also SSL-enable the application server. EPM System products do not support SSL offloading.
You have obtained the required certificates from a Certificate Authority (CA), either a well-known CA or your own, or created self-signed certificates. You must obtain certificates for Web server, application server, and user directories. Each server that hosts EPM System products requires a separate certificate.
2/25/10
Configuring Products in an SSL-Enabled Environment
If you are configuring EPM System products for SSL, configure in this order:
1. Configure Shared Services first. To configure Shared Services, select the Foundation tasks on the Product Selection page of EPM System Configurator: “Common Settings,” “Configure Database,” “Deploy to Application Server.” On the “Common Settings” page, select “Enable SSL for communications.”
2. Set up Shared Services for SSL.
See Oracle Hyperion Enterprise Performance Management System SSL Configuration Guide.
3. Make sure Shared Services is running.
4. Configure the rest of the EPM System products.
5. Set up other EPM System products for SSL.
See Oracle Hyperion Enterprise Performance Management System SSL Configuration Guide.
SSL and WebServer - Hyperion Installation
For automatic deployment, the Web server must reside on the same machine where EPM Workspace will be deployed.
If you are using secure communication, ensure availability of SSL certificates for all components.
Ensure that Web application servers are available for EPM System product deployment. The application server and the product that you are deploying must be installed on the same computer. The Web server should be installed BEFORE you install the Hyperion products.
EPM Workspace and the application being integrated must be deployed to the same Web application server type. For example, if EPM Workspace is deployed to Oracle WebLogic Server, Performance Management Architect must also be deployed to WebLogic Server.