OBIEE 12c SAMPLE VM_obiee tls-优快云博客

本文链接：https://blog.youkuaiyun.com/orientlight/article/details/51086235

本文介绍OBIEE 12c中SSL配置的具体步骤及常见问题处理方法，包括如何启用内部SSL、验证SSL连接以及解决BI管理工具登录失败等问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

OBIEE 12c SAMPLE

/app/oracle/biee/user_projects/domains/bi2/nodemanager/nodemanager.log

/app/oracle/biee/user_projects/domains/bi2/servers/AdminServer/logs

download rpd

[oracle@demo bin]$ pwd
/app/oracle/biee/user_projects/domains/bi2/bitools/bin
[oracle@demo bin]$ ./data-model-cmd.sh downloadrpd -u weblogic -p Admin123 -o bi2.rpd -w Admin123 -S demo.us.oracle.com -SI ssi

bi 客户端安装，只有windows平台软件

下载地址

修改服务为HTTPS连接后出了点问题

BI 管理工具联机打开RPD出现提示：

---------------------------
Oracle BI 管理工具
---------------------------
由于以下原因, 登录失败: [nQSError: 43113] 从 OBIS 返回消息。
[53003] LDAP 绑定失败: Can't contact LDAP server。

[nQSError: 37001] 无法连接至 Oracle BI Server 实例。。
---------------------------
确定
---------------------------

登录分析页面出现提示：

Unable to Sign In

An error occurred during authentication. Try again later or contact your system administrator.

配置内部SSL

[biee@lcent12 bin]$ ls
admintool.sh                   biserverxmlcli.sh    create_bi_service_instance.sh  equalizerpds.sh          nqcmd.sh           nqudmlgen.sh            runcat.sh       status.sh
biserverapplyverticalrules.sh  biserverxmlexec.sh   data-model-cmd.sh              externalizestrings.sh    nqgenoldverrpd.sh  obieerpdmigrateutil.sh  ssl.sh          stop.sh
biserverextender.sh            biserverxmlgen.sh    delete_bi_machine.sh           extractprojects.sh       nqsecudmlgen.sh    obieerpdpwdchg.sh       startESSCMD.sh  sync_midtier_db.sh
biservergentypexml.sh          clone_bi_machine.sh  delete_bi_service_instance.sh  generate_css_secrets.sh  nqudmlcli.sh       patchrpd.sh             startMAXL.sh    validaterpd.sh
biservermetadatadictgen.sh     comparerpd.sh        diagnostic_dump.sh             migration-tool.sh        nqudmlexec.sh      prunerpd.sh             start.sh
[biee@lcent12 bin]$ ./ssl.sh internalssl true
Logging to: /app/bi/bi12/user_projects/domains/bi/bilogs/sslcommand.log

Reading domain
Setting protocol to https for server bi_server1
Rebinding channel certificates for server bi_server1
Checking certificate exists for endpoint: BI-SECURITY-SOAP.bi_server1 http://lcent12:9505/bi-security/service - custom channel bi_internal_channel1
No new certificates required.
Internal BIEE communications have been configured to use SSL with certificates 
matching the current listening addresses.  Rerun if you change the addresses. 
To achieve end to end security you also need to review the SSL configuration  
of other components, including the external ports of WebLogic servers. 

All certificates have more than 30 days to expiry.

Startup all BIEE servers to consume the new configuraton.  For example run the start[.sh] command line tool in the same directory as this ssl tool.

重启后查看内部SSL端口

[biee@lcent12 bin]$ ./ssl.sh report
Logging to: /app/bi/bi12/user_projects/domains/bi/bilogs/sslcommand.log

Internal SSL enabled
   Client verification disabled (One way SSL)
   Using all available default ciphers
Type: OBICCS
    Scanning endpoint OBICCS.obiccs1 tcp(s)://lcent12:9508(9508)/ - System Component
Type: OBIJH
    Scanning endpoint OBIJH.obijh1 tcp(s)://lcent12:9510(9510)/ - System Component
Type: OBIPS
    Scanning endpoint OBIPS.obips1 tcp(s)://lcent12:9507(9507)/ - System Component
Type: OBIS
    Scanning endpoint OBIS.obis1 tcp(s)://lcent12:9514(9514)/ - System Component
Type: OBISCH
    Scanning endpoint OBISCH.obisch1 tcp(s)://lcent12:9511(9511)/ - System Component
Type: BI-SECURITY-SOAP
    Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://lcent12:9505/bi-security/service - custom channel bi_internal_channel1

Summary: Out of 6 endpoints 5 succeeded, 0 had warnings, and 1 failed.

Ping successes (5):
Target: obiccs1:OBICCS @ lcent12:9508
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL ping OK.  
Target: obijh1:OBIJH @ lcent12:9510
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL ping OK.  
Target: obips1:OBIPS @ lcent12:9507
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL ping OK.  
Target: obis1:OBIS @ lcent12:9514
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL ping OK.  
Target: obisch1:OBISCH @ lcent12:9511
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL ping OK.  

Ping warnings (0):

Ping failures (1):
Target: bi_server1:BI-SECURITY-SOAP @ lcent12:9505
  Java client: SSL ping OK.  
     Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
  Openssl client: SSL connection failed.  See detailed log output.

The first certificate to expire will expire on: 36-4-9 上午11:10
All certificates have more than 30 days to expiry.