|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
| Configure SSL or HTTPS for Oracle Apps 11i |
| Thursday, October 26, 2006 |
|
Yesterday we looked at SSL overview in Oracle Applications 11i, you can look at that post from link
http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html
Lets continue with where we left yesterday
What happens when we enable SSL in Oracle Web Server ?
I am assuming that SSL is already enabled at web server , so you type url with protocol as https (where s stands for Secure ), web server understand that this is SSL request so Web Server sends its certificates back to client stating its identity & with that its send a Public key which your browser use to encrypt & decrypt message send by Web Server . Web Server uses its private key(known to itself only, stored in either wallet or ssl directory discussed later in this post) & public key(key which is known to everyone) to encrypt & decrypt messages. SSL has build in feature which assures that data is not tempered with its from valid source . If you don't understand all this at this minute don't worry you still can configure SSL. This entire concept is called as PKI (Publick Key Infrastructure)
Myth about SSL Port in webserver ?
Do I need to only Use on port 443 for Web Server SSL Port ?? not at all , port 443 is standard port for HTTPS as port 80 for HTTP. You can use HTTPS on any port as long as port is listening for HTTPS requests .
Overview of Steps in configuring SSL over Web Server in Oracle Apps 11i ?
I am mentioning over view of configuring SSL on web server in Oracle Applications (If you wish to configure SSL for Forms Server & Database Servers ) Steps mentioned here are for Autoconfig Enabled system & Apache 1.0.2.2.2 and higher (If you are not aware of your Apache/httpd version check here http://teachmeoracle.com/version.html)
1. Create your SSL Certificates (I'll cover later how to generate SSL certificates for Web Server)
2. Configure SSL parameters for web server variables via OAM or by changing Context File (xml file in APPL_TOP) These parameters I'll discuss shortly.
3. Copy SSL Certificates created in step1 above, in SSL directories (Discussed Later) or Wallets (If you are using Oracle Wallets to store your certificates)
4. Run Autoconfig to take new parameters to take into effect
5. Test Applications with SSL
Please note that above steps are for implementing SSL only on Web Server there are additional steps if you want to configure SSL on Form Server & Database Server . (I am not mentioning them here as this is not common)
What is meant by creating SSL Certificates ?
You remember above I discussed that server sends its certificates (public) to browser & uses private key to encrypt & decrypt messages . So steps in creating Certificates are
1. Create Private key using openssl
2. Create certificate request using private key created above
3. Submit request file to Certifying Authority like verisign
4. Get Certificates from certifying Authority (CA)
If you are testing SSL you can use test certificates supplied with Web Server
What are various parameters in XML file (CONTEXT File) w.r.t. SSL ?
s_web_ssl_directory - Directory where SSL certificates are stored
s_url_protocol - https means you are using ssl (Default is http)
s_local_url_protocol - change it to https for SSL
s_webssl_port - Apache SSL port
s_active_webport - same as s_webssl_port
s_webport - same as s_webssl_port
Lot more coming in next post on configure SSL with Oracle Apps 11i....Labels: 11i, ssl |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
 del.icio.us
¦
 Digg This
¦
 My Yahoo
¦
 Reddit
¦
 BlinkList
¦
 Furl It
¦
Email This
¦
Leave Your Comments
|
posted by Atul Kumar @ 8:56 PM
  |
|
| 6 Comments: |
-
Hi Atul,
Thanks for discussing configuring SSL. While cloning SSL based Instance using Rapid Clone, are there any extra steps that needs to be taken care of?
Thanks
Nagarajan
-
Naga,
Very valid points .
No, You don't need to do anything except server certificates generate for new server & replace cloned instance with new one.
I'll cover it in next post . Good & thanks for pointing this out .
Atul
http://teachmeoracle.com
-
Dear Atul,
Thanks for this post. I was also searching for this kind of document. Because I want to configure SSL only for HTTP server.
But as per Oracle doc-id : 123718.1 it has mentioned that "You MUST configure SSL for both the Oracle HTTP Server and Oracle Forms (either the the Forms 6i Server or the Forms Listener
Servlet), these cannot be configured independently."
What is the difference between configuring the SSL only for HTTP server and both HTTP + Forms?
Thanks in Advance.
Shyaam
-
Dear Atul,
Thanks for this post. I was also searching for this kind of document. Because I want to configure SSL only for HTTP server.
But as per Oracle doc-id : 123718.1 it has mentioned that "You MUST configure SSL for both the Oracle HTTP Server and Oracle Forms (either the the Forms 6i Server or the Forms Listener
Servlet), these cannot be configured independently."
What is the difference between configuring the SSL only for HTTP server and both HTTP + Forms?
Thanks in Advance.
Shyaam
-
I found great information from your blog,keep posting this kind of stuff ahead.thanks for share with us.
-
I found great information from your blog,keep posting this kind of stuff ahead.thanks for share with us.
|
| |
| << Home |
| |
|
|
|
|
Hi Atul,
Thanks for discussing configuring SSL. While cloning SSL based Instance using Rapid Clone, are there any extra steps that needs to be taken care of?
Thanks
Nagarajan