Thursday, November 24, 2011

Configuring SSL/HTTPS on Oracle Apps 11i

1. Create cert directories

mkdir $COMMON_TOP/admin/certs

cd $COMMON_TOP/admin/certs

mkdir ssl.crt ssl.key


2. Set the OpenSSL environment

export OPENSSL_TOP=$IAS_ORACLE_HOME/Apache/open_ssl
export OPENSSL_CONF=$IAS_ORACLE_HOME/Apache/open_ssl/bin/openssl.cnf


3. Create random file

touch ortest
$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd
ls -la $HOME/.rnd
-rw-r--r-- 1 applmgr dba 55 Oct 20 02:13 /home/applmgr/.rnd

4. Generate 2048-bit private key

$OPENSSL_TOP/bin/openssl genrsa -des3 -out apache_2048.key 2048

Enter a passphrase of your choice


5. Generate the certificate request to be sent to the vendor to get the certificate

$OPENSSL_TOP/bin/openssl req -config $OPENSSL_CONF -new -key apache_2048.key -out apache_2048.csr

Give inputs as needed at the prompts below


Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arizona
Locality Name (eg, city) []:Scottsdale
Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc.cde.com
Organizational Unit Name (eg, section) []:abc.cde.com
Common Name (eg, YOUR name) []:abc.cde.com
Email Address []:abc@abc.com


Note: Organization Name, Organizational Unit Name and Common Name are to be given as the full name of the server or the URL (in the case of a virtual URL); otherwise the certificate will cause problems when starting Apache.


6. Send this CSR to the vendor you are buying your certificate from (make sure it is transferred by FTP in binary mode).

The vendor will provide you with a certificate (.crt) file and a root file (ca.crt).
The vendor could also give you one integrated file (.pk7 or .pk9). In this case you need to open the certificate on your local PC, export the certificate to one file and the root certificates to another file, save them, and FTP them in binary mode to the server location.




7. Copy the certificate and CA file received to the ssl.crt directory created above.

8. Modify the following context variables

s_webport=443
s_external_url=https://abc.abc.com
s_webentryurlprotocol=https
s_active_webport=443
s_webssl_port=443
s_apps_portal_url=https://abc.abc.com/pls/ebstst_portal30/portal30.home
s_login_page=https://abc.abc.com/oa_servlets/AppsLogin
s_f60map=https://abc.abc.com/OA_TEMP
s_forms60_https_negotiate_down=TRUE
s_url_protocol=https
s_local_url_protocol=https
s_chronosURL=https://abc.abc.com/oracle_smp_chronos/oracle_smp_chronos_sdk.gif
s_webcache_url_protocol=https
s_webcache_https_port=443
s_webcache_http_port=443
web entry port
ssl_*key
ssl_*cert
ssl_*ca




9. Run autoconfig

10. Log in as root, source the apps env and start Apache
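
Before steps 9 and 10, it helps to confirm that the vendor's certificate belongs to the private key from step 4 and that the CSR's Common Name is the server name, as the note in step 5 requires. The script below is an added example, not part of the original post; server.crt is a placeholder for the vendor's certificate file, and the script name preflight.sh and the KEY_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the files from steps 4-7.
# KEY_PASS (assumed name) must be exported if the key is passphrase-protected.

# Print the SHA-256 of the RSA modulus of a key, CSR or certificate.
modulus_digest() {  # usage: modulus_digest key|csr|crt FILE
    case $1 in
        key) m=$(openssl rsa -noout -modulus -in "$2" \
                 ${KEY_PASS:+-passin env:KEY_PASS} 2>/dev/null) ;;
        csr) m=$(openssl req -noout -modulus -in "$2" 2>/dev/null) ;;
        crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$m" ] || return 1          # never hash an empty result
    printf '%s\n' "$m" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and certificate carry the same public key.
same_keypair() {  # usage: same_keypair KEY CSR CRT
    k=$(modulus_digest key "$1") || return 1
    r=$(modulus_digest csr "$2") || return 1
    c=$(modulus_digest crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Print the Common Name from the CSR subject.
csr_cn() {
    openssl req -noout -subject -nameopt RFC2253 -in "$1" 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

preflight() {  # usage: preflight HOSTNAME KEY CSR CRT
    cn=$(csr_cn "$3")
    if [ "$cn" != "$1" ]; then
        echo "FAIL: CSR Common Name '$cn' is not '$1'" >&2; return 1
    fi
    if ! same_keypair "$2" "$3" "$4"; then
        echo "FAIL: key, CSR and certificate do not share one key pair" >&2
        return 1
    fi
    echo "OK: $1"
}

# Run as: sh preflight.sh abc.cde.com apache_2048.key apache_2048.csr server.crt
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```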


good luck .....
