Art of BI: Installing BITeamwork on SSL Configured WebLogic Admin Server

Although not a very common integration but every now and then an organization will install OBIEE with SSL configured between the components. We probably see a bit more a company’s configuration of the Middleware WebLogic Administration Console with SSL.  This means that normally in order to access the WebLogic Administration Console, one would access it through http://servername:7001. That is HTTP, Server Name, and Port 7001 which are the defaults.  Some customers like to adjust this for security reasons such that for example usernames and passwords are not transferred over the network in “plain text”.  To do this they configure SSL and usually switch the port in the WebLogic Administration Console configuration for the admin server.  Clearly this involves a SSL certificate to be issued and configured on server if done correctly.

BITeamwork uses WLST to install itself onto the WebLogic Server.  The base install script that is provided with BITeamwork will fail in this SSL WebLogic Admin Server configuration as all WLST script must interact with the Weblogic Admin Server. So this blockage will result in an error within the install script because it is configured to install against a non-SSL admin server by default.

Errors that have been reported are similar to the ones below:

• javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://
• Destination unreachable; nested exception is: java.net.SocketException: Connection reset: No available router to destintation

or

We fix this by conducting the following steps.

1. Change the WEBLOGIC_URL variable from t3://localhost:7001 to have a t3s protocol which looks like t3s://localhost:7001, clearly here localhost could be change to the name of the server you are running the install script on or for.
2. Add the following text, adjusted with you security keystore name, above the WEBLOGIC_URL variable setting:
   • JVM_ARGS=”-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust”

   For step #2 remember to leave the quotes on a Linux/Unix OS but remove them on a Windows OS.

More detail about this solution can be found at, http://docs.oracle.com/cd/E13222_01/wls/docs92/config_scripting/wlst_faq.html#wp1061899, an excerpt of that page providing the solution is here:

If I have SSL or the administration port enabled for my server, how do I connect using WLST?

If you will be connecting to a WebLogic Server instance through an SSL listen port on a server that is using the demonstration SSL keys and certificates, invoke WLST using the following command:

java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust weblogic.WLST