TLS 1.2, LDAPS and EPM 11.1.2.4

Hi,

That action in the blog post was done specifically for a LDAP-based TLS communication (LDAPS), and the refence MOS note was the following ->

SSL Enabled Windows 2016 MSAD External Directory from Essbase Server. ERROR: JAVAX.NAMING.COMMUNICATIONEXCEPTION: SIMPLE BIND FAILED: LDAPSERVER.COM:636 [ROOT EXCEPTION IS JAVA.NET.SOCKETEXCEPTION: CONNECTION RESET (Doc ID 2482392.1)

The document above suggest both JDK 6_181 (or later) or JDK 1.7..

So in order to be in the safe side, JDK 1.7 may be choosen here.
However, in our case this kind of an upgrade didn't solve our issue. (as you may already saw it in the blog post)

One last thing, Hyperion 11.1.2.4 doesn't support the TLS directly ( I mean TLS for HTTPS communication). We put an OHS 11.1.1.9 in front of it and offload the TLS/SSL work to that OS to do the trick as documented in ->

Does EPM to Support TLS 1.2 Communication via OHS? (Doc ID 2179810.1)

This is ofcourse for enabling/terminating the TLS communication at OHS level.
But, if you want a full SSL implementation in your EPM, I mean if you want to have SSL traffic between your HTTP Servers and Weblogic Server as well, then you will some extra work.

So, in that case we need to talk about a proxy OHS (11.1.1.9) in front of the original OHS of EPM+ WLS patching (for supporting TLS 1.2 in weblogic level) + JDK upgrade here (again for supporting TLS 1.2 in code level), and it is like an experimental configuration as it is not documented for TLS 1.2 :)

That mean, if you want to have a full TLS 1.2 implementation in your EPM, then you need to do extra work and it seems risky to me.

Check this community discussion ->

Enabling Full SSL deployment of Oracle EPM 11.1.2.4 environment to support TLS 1.1/1.2

Link : https://community.oracle.com/thread/4283550