|
| Winding Up SSL Implementation in Oracle Apps 11i |
| Tuesday, October 31, 2006 |
|
We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future
Today I am winding up SSL configuration in Apps with explanation, Check Previous Post on SSL at
Overview of SSL in Apps http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html
Overview of SSL in Apps Web Server http://becomeappsdba.blogspot.com/2006/10/configure-ssl-or-https-for-oracle-apps.html
SSL Configuration on Web Server broad level Steps
1.1 Create Certificates Using openssl (You can try OWM Oracle Wallet Manager as well)
1.2 Change Context File parameters mentioned in previous post mentioned above
1.3 run Autoconfig
1.4 Test Application
For detailed stesp by step guide for implementing SSL on E-Business Suite follow Metalink Note # 123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
Above note covers SSL for Web Server , Form Server & Database Server , In typical Implementation you can configure SSL just to web server Node.
Few Important Note/Points w.r.t. SSL
SSL with Multiple Middle Tier
1. If you have multiple middle tier like server1, server2 ..serverN with load balancer infront of them & assume load balancer & assume that you access your apps via URL http://teachmeoracle.com which means ServerName in httpd.conf will have value teachmeoracle.com and while generating SSL under create CSR (Certificate Signing Request)phase Common Name should be same as ServerName in httpd.conf
2. You can use same Certificates as long as ServerName in httpd.conf are same
Cloning SSL Instances
If you are cloning already configured SSL to Target Instance, you need to create new Certificates on Target Instance. If target Instance was previously configured with SSL before cloning take a backup of SSL certificates (By Default certificates are in $IAS_ORACLE_HOME/Apache/Apache/certs/apache ssl.crt & ssl.key) and replace them after cloning.
If you are not sure about location of Certificates , check following directive in Context File ( *.xml file )
web_ssl_directory
web_ssl_keyfile
web_ssl_certfile
web_ssl_certchainfile
Performance with SSL
Yes, there be little bit performance degradation with SSL as server take some time to encrypt & decrypt messages/packets between Client & Server but there will not be big performance degradation. If you can't afford performance hits because of SSL you can use
SSL Accelerators
Related Links
123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html
http://becomeappsdba.blogspot.com/2006/10/configure-ssl-or-https-for-oracle-apps.html
Post your comments on how you find this document ...
Was this useful ? Should I explain in more detail or you need step by step guide
Your Feedback & Comment is quite important in Improving Contents on this Site
http://teachmeoracle.com/forum <- Forum Dedicated to Apps DBA's Labels: 11i, ssl |
We have moved to kindly check onLineAppsDBA.com in future
|
|
|
 del.icio.us
¦
 Digg This
¦
 My Yahoo
¦
 Reddit
¦
 BlinkList
¦
 Furl It
¦
Email This
¦
Leave Your Comments
|
posted by Atul Kumar @ 3:17 PM
  |
|
| 8 Comments: |
-
You can save yourself a lot of trouble by putting hardware Proxy/SSL-accelerator in front of your midtier.
-
You can save yourself a lot of trouble by putting a hardware Proxy/SSL-accelerator in front of your midtier.
-
Vitaliy
Can you elaborate on trouble ?
Yes SSL accelerator will improve performance on SSL enabled web tier but there is additioanl cost associated with SSL accelerators
-
Changing SSL certs every time you clone. Dealing with expired SSL certs. Dealing with SSL related security bugs.
While ORACLE APPS has built-in SSL functionality it's not the only and not the best solution out there.
Hardware SSL-accelerator/Proxy can do a much better job on all counts.
-
Seems like interesting comments Vitaliy, And nice guide Atul
-
Hi Atul,
We made our EBS as SSL enable. After SSL we are not able to book Sales order giving error "Configuration validation resulted in error(s)"
According to me some profile is not set correct that's why its giving error. If anyone has SSL enable instance please let me what will be the value of these two:
1)
profile : "BOM:Configurator URL of UI Manager"
2)
select value from cz_db_settings where setting_id='AltBatchValidateURL';
Now we have,
SQL> select value from cz_db_settings where setting_id='AltBatchValidateURL';
VALUE
https://hostname:4443/configurator/oracle.apps.cz.servlet.UiServlet,'file:wallet_directory','password'
Note : we have imported the certificate by wallet manager.
Thanks in advance..
Shekhar..
-
-
how do I troubleshoot SIMPLE BIND FAILED error related to SSL on OID server ?
|
| |
| << Home |
| |
|
|
|
|
You can save yourself a lot of trouble by putting hardware Proxy/SSL-accelerator in front of your midtier.