cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1419
Views
0
Helpful
3
Replies
tporembski
Beginner

Configuring Oracle Hyperion on ACE30

I have a request to configure an ACE30 for Oracle Hyperion utilizing SSL termination at the SSL offloader(ACE30).  Does anyone have a sample configuration or template of some sort that could guide me through what needs to be configured.  We have many applications on the ACE#) but this is the first time we are going to try SSL termination.

I have attached the hyperion deployment guide which explains the reuirements in detail.

Thank you

1 ACCEPTED SOLUTION
3 REPLIES 3
ajayku2
Enthusiast

Hi,

Looking at the attached document I see that you need a wild card certificate.

from the document:

"SSL terminated at SSL offloader configuration uses two server aliases; for example, epm.myCompany.com and empinternal.myCompany.com"

It also mentions:

"A signed certificate to support external communication between the offloader and browsers (through  epm.myCompany.com) must be installed on the offloader/load balancer. "

"The two signed certificates—one to support external communication between the offloader and browsers (through epm.myCompany.com), and the other to support internal communication (through empinternal.myCompany.com) among applications—must be installed on the offloader/load balancer. Oracle recommends that these certificates be tied to server aliases to prevent the exposure of server names and to enhance security."

If you are willing to access the domain from internet then it is advisable to install a Signed certificate which is signed by known Certificate authority.

You can use the following link to achieve SSL offloading :

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Configuration_Examples_--_SSL_Configuration_Examples

In case if you are using within private network then you can use the method mentioned by Jorge.

Hope that helps,

regards,

Ajay Kumar

tporembski
Beginner

Thanks for the replies I believe Jorge example should work for us as we are using this within a private network.

Thanks again.

Tony