Objective :
To update the expired SSL certificate for Oracle business intelligence OBIEE 12c or Oracle Analytics Server by a new one .
A- Move the new intermediate certificate zip file to the middleware server IP 192.168.9.1
B- Unzipped under /app/ssl/ssl2025
oracle@dnlapp2:/app/ssl/ssl2025> ls -ltr
-rw-r--r-- 1 oracle oinstall 3272 Jul 31 17:44 dnlapp2.data-and-analytics.com.key
-rw-r--r-- 1 oracle oinstall 2573 Jul 31 17:53 dnlapp2_data-and-analytics_com_2023.crt
-rw-r--r-- 1 oracle oinstall 4054 Jul 31 17:53 dnlapp2_data-and-analytics_com.ca
C -Implement the steps below :
openssl pkcs12 -export -in dnlapp2_data-and-analytics_com_2023.crt -inkey dnlapp2.data-and-analytics.com.key -name dnlapp2 -out dnlapp2.data-and-analytics.com.p12
keytool -importkeystore -deststorepass data-and-analytics -destkeypass data-and-analytics -destkeystore dnlapp2.jks -srckeystore dnlapp2.data-and-analytics.com.p12 -srcstoretype PKCS12 -srcstorepass data-and-analytics -alias dnlapp2
keytool -import -trustcacerts -alias gogetroot -file dnlapp2_data-and-analytics_com.ca -keystore dnlapp2.jks
keytool -list -v -keystore dnlapp2.jks -storepass data-and-analytics
Note :
Last command lists the imported certificate successfully .
D-
1-Shutdown All the middleware services (using stop.sh)
cd /app/oracle/middleware/oracle_home/user_projects/domains/bi/bitools/bin
./stop.sh
2-Take a backup of the existing jks file : /app/ssl/dnlapp2.jks
mv dnlapp2.jks dnlapp2.jks_old_2022_23)
3-replace the old .jks file by the new one /app/ssl/ssl2025 to /app/ssl
4- Add New Certs to Java Ca certs
/usr/java8_64/bin/keytool -import -file dnlapp2_data-and-analytics_com_2023.crt -keystore /usr/java8_64/jre/lib/security/cacerts
/usr/java8_64/bin/keytool -import -file dnlapp2_data-and-analytics_com.ca -keystore /usr/java8_64/jre/lib/security/cacerts -alias goget
5-start weblogic admin server :
cd /app/oracle/middleware/oracle_home/user_projects/domains/bi/bin
./startWeblogic.sh
6-Upadte the Trust Keystore Passphrase for Admin Server :
Login to Admin Console : dnlapp2.data-and-analytics.com:9500/console
Environment -> Servers -> Admin Server (admin) ->
Keystore -> Custom Identity Keystore Passphrase -> Confirm the current value
-> Update Trust Keystore Passphrase -> Replace the current value -> Confirm the current value
-> Click Save
7-Upadte the Custom Identity & Trust Keystore Passphrase for Managed Server (bi_server1) :
Go to Summary Of servers :
8-Environment -> Servers -> bi_server1 -> Keystores ->
Update the values for Custom Identity Keystore
, Custom Trust Keystore
Click
9-stop weblogic admin server :
cd /app/oracle/middleware/oracle_home/user_projects/domains/bi/bin
./stopWeblogic.sh
10-make sure no oracle / or java background processes are running on Unix server by running :
ps -ef | grep oracle
ps -ef | grep java
11-Start all the middleware services :
cd /app/oracle/middleware/oracle_home/user_projects/domains/bi/bitools/bin
./start.sh
12-go to analytics login page
-Make sure you are able to login .
-Click on the connection security lock :
Click on ‘Connection is secure “
-Click on the certificate to check the validity dates :
