With more and more folks migrating Oracle EPM 220.127.116.11 / Hyperion from on-premises data centers to 3rd-party hosted environments, the topics of Secure Socket Layer ("SSL") and support for TLS 1.2 are becoming much more common conversations.
The devil, of course, is in the details.
As a matter of policy, many 3rd-party hosting companies and/or IT departments are disabling SSL protocols 2.0, 3.0, TLS 1.0, and TLS 1.1 by default. Security vulnerabilities for those older protocols are to blame. This leaves us with TLS 1.2 as the preferred option for SSL.
The problem, though, is EPM 18.104.22.168 uses Oracle HTTP Server ("OHS") 22.214.171.124 under the covers, and guess what? OHS 126.96.36.199 cannot support any TLS protocol higher than version TLS 1.0.
But wait! Isn't EPM 188.8.131.52 certified by Oracle to use Microsoft IIS 8.5 as the web proxy, which supports TLS 1.2? Yes, indeed it is. But, the SSL configuration documentation for EPM 184.108.40.206 is OHS-centric; the IIS-related matters are incomplete and several important configuration details are missing in various blogs and Knowledge Base articles. (Case in point: manual edits required for iisproxy.ini are completely missing in the EPM-centric documentation currently available as of this writing).
This brings us to the Oracle Knowledge Base article named "How To Update OHS 220.127.116.11 In EPM System To 18.104.22.168 (Doc ID 2406726.1)"
This article provides steps on how to perform an in-place upgrade from OHS 22.214.171.124 to 126.96.36.199 for EPM 188.8.131.52. Oracle certifies that OHS 184.108.40.206 supports the TLS 1.2. SSL protocol. The procedure to upgrade OHS is easy to follow.
But, there's a catch, and this is the point of today's blog post.
OHS 220.127.116.11 and Hyperion Calculation Manager 18.104.22.168 do not play well together! After applying the OHS 22.214.171.124 in-place upgrade, attempting to login to Calculation Manager 126.96.36.199 results in a blank tab in EPM Workspace. There are no blog posts or Knowledge Base articles on how to fix this.... until now!
The fix is buried within the release notes for the EPM Shared Services patch 188.8.131.52.500.
Open a command prompt and CD to your Oracle EPM Instance home's \bin folder on any of your Hyperion servers. The default location for this is D:\Oracle\Middleware\user_projects\epmsystem1\bin for most Microsoft-based systems. UNIX nerds like me; you know the drill! (Swap the direction of the slashes)
Paste this command:
epmsys_registry addProperty /CALC_MANAGER_PRODUCT/@BINDOWS_ENABLED true
Then restart your Calculation Manager service, and you're good to go.
What you've just done is you went back in time to the 184.108.40.206.0 days and instructed Calculation Manager that it should not use the 220.127.116.11.500+ Application Development Framework ("ADF") interface, which apparently OHS 18.104.22.168 has an issue with.
Hopefully, Oracle will use a future patch to remediate this. But for now, carry on and be safe out there!