SSL Implementation on Standalone OHS 12



- Create a Wallet or Keystore
- Generate a Certificate Signing Request (CSR)
- Send the CSR to a Certificate Authority (CA)
- Import the Trusted CA Certificate(s)
- Import the Server Certificate
- Modifications in ssl config file
- Validation of OHS with SSL port
- Port modification according to SSO-enabled port
- Bounce application
- Sanity checks

Create a Wallet or Keystore:
[xxxxxxd1@oxxxxxxx3dv ohshome]$ $ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet $ORACLE_HOME/wallet -auto_login
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Enter password:  
Enter password again:  
Operation is successfully completed.

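Generate a Certificate Signing Request (CSR):

Export the Certificate Signing Request. Passing -pwd on the command line leaves the wallet password in shell history and in the process list; when -pwd is omitted, orapki prompts for the password, as in the wallet creation step above.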

[xxxxxxd1@oxxxxxxx3dv wallet]$ $ORACLE_HOME/oracle_common/bin/orapki wallet export -wallet $ORACLE_HOME/wallet -dn 'CN=oxxxxxxx3dv.bom.com, OU=Enterprise SSL, O=Biscut Electric Company, L=Boston, ST=MA, C=US' -request $ORACLE_HOME/wallet/server.csr -pwd Welcome1
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.

Send server.csr to the CA team for certificate signing.

1. Root: AddTrustExternalCARoot
2. Intermediate 1: USERTrustRSAAddTrustCA
3. Intermediate 2: TrustedSecureCertificateAuthority5
4. Domain: oxxxxxxx3dv_bcom_com

We received the four certificates above from the CA team.

Import the Trusted Certificates into the Wallet:

[xxxxxxd1@oxxxxxxx3dv wallet]$ $ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet $ORACLE_HOME/wallet -trusted_cert -cert $ORACLE_HOME/wallet/AddTrustExternalCARoot.ccc -pwd Welcome1
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
[xxxxxxd1@oxxxxxxx3dv wallet]$ $ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet $ORACLE_HOME/wallet -trusted_cert -cert $ORACLE_HOME/wallet/USERTrustRSAAddTrustCA.ccc -pwd Welcome1
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
[xxxxxxd1@oxxxxxxx3dv wallet]$ $ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet $ORACLE_HOME/wallet -trusted_cert -cert $ORACLE_HOME/wallet/TrustedSecureCertificateAuthority5.ccc -pwd Welcome1
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
[xxxxxxd1@oxxxxxxx3dv wallet]$ $ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet $ORACLE_HOME/wallet -user_cert -cert $ORACLE_HOME/wallet/oxxxxxxx3dv_bcom_com.ccc -pwd Welcome1
Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.

Modifications in ssl config file:
Update the wallet path in ssl.conf so that SSLWallet points to the new wallet directory:

<    #SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default"
<     SSLWallet "/orpacgd1/grcapp/ohshome/wallet"  

The wallet is now ready to use with Oracle HTTP Server (OHS).

After bouncing OHS, verify that it can be reached on the SSL port.

Change the SSL port in ssl.conf to the SSO-enabled port:

[xxxxxxd1@oxxxxxxx3dv ohs1]$ diff ssl.conf ssl.conf-bkp12mar18
8c8
< Listen oxxxxxxx3dv.bom.com:8000
---
> Listen oxxxxxxx3dv.bom.com:8443
37c37
< <VirtualHost oxxxxxxx3dv.bom.com:8000>
---
> <VirtualHost oxxxxxxx3dv.bom.com:8443>
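
The ssl.conf edits above (wallet path, Listen and VirtualHost ports) can be checked for consistency before the bounce. The script below is an added example, not part of the original post or of Oracle's tooling; the function names check_ssl_conf and directive_ports are hypothetical, and it assumes the wallet path contains no spaces and that the auto-login wallet file is cwallet.sso.

```shell
#!/bin/sh
# Added example, not from the original post. Names are hypothetical.
# Usage: check_ssl_conf SSL_CONF EXPECTED_PORT WALLET_DIR
# Prints one line per finding; returns 0 only when there are none.

# Print the port of each active directive named $2 in file $1.
# awk skips indentation itself, and "#SSLWallet"/"# Listen" never match.
directive_ports() {
    awk -v d="$2" '$1 == d {
        v = $2; gsub(/[">]/, "", v)      # drop quotes and the closing ">"
        n = split(v, part, ":"); print part[n]
    }' "$1"
}

check_ssl_conf() {
    conf=$1 port=$2 wallet=$3 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Listen and <VirtualHost> must move together (lines 8 and 37 in the diff).
    listen=$(directive_ports "$conf" Listen)
    vhost=$(directive_ports "$conf" "<VirtualHost")
    [ "$listen" = "$port" ] || note "Listen port is '$listen', expected $port"
    [ "$vhost" = "$port" ] || note "VirtualHost port is '$vhost', expected $port"

    # Exactly one active SSLWallet, and it must be the wallet that was populated.
    # Assumes the path contains no spaces.
    active=$(awk '$1 == "SSLWallet" { gsub(/"/, "", $2); print $2 }' "$conf")
    [ "$active" = "$wallet" ] || note "SSLWallet is '$active', expected $wallet"

    # -auto_login writes cwallet.sso, which opens without a password, so file
    # permissions are the only thing protecting the private key on disk.
    if [ ! -f "$wallet/cwallet.sso" ]; then
        note "no cwallet.sso in $wallet"
    elif [ -n "$(find "$wallet/cwallet.sso" \( -perm -040 -o -perm -004 \))" ]; then
        note "cwallet.sso is readable by group or others"
    fi
    [ "$findings" -eq 0 ]
}

# Run directly: sh check_ssl_conf.sh ssl.conf 8000 /path/to/wallet
if [ "$#" -eq 3 ]; then check_ssl_conf "$@"; fi
```
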


Sanity checks:
Do a full bounce of the applications that run with OHS.