Become Oracle Apps DBA

Today I am winding up SSL configuration in Apps with explanation, Check Previous Post on SSL at

Overview of SSL in Apps http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html
Overview of SSL in Apps Web Server http://becomeappsdba.blogspot.com/2006/10/configure-ssl-or-https-for-oracle-apps.html

SSL Configuration on Web Server broad level Steps
1.1 Create Certificates Using openssl (You can try OWM Oracle Wallet Manager as well)
1.2 Change Context File parameters mentioned in previous post mentioned above
1.3 run Autoconfig
1.4 Test Application

For detailed stesp by step guide for implementing SSL on E-Business Suite follow Metalink Note # 123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
Above note covers SSL for Web Server , Form Server & Database Server , In typical Implementation you can configure SSL just to web server Node.

Few Important Note/Points w.r.t. SSL

SSL with Multiple Middle Tier
1. If you have multiple middle tier like server1, server2 ..serverN with load balancer infront of them & assume load balancer & assume that you access your apps via URL http://teachmeoracle.com which means ServerName in httpd.conf will have value teachmeoracle.com and while generating SSL under create CSR (Certificate Signing Request)phase Common Name should be same as ServerName in httpd.conf
2. You can use same Certificates as long as ServerName in httpd.conf are same

Cloning SSL Instances
If you are cloning already configured SSL to Target Instance, you need to create new Certificates on Target Instance. If target Instance was previously configured with SSL before cloning take a backup of SSL certificates (By Default certificates are in $IAS_ORACLE_HOME/Apache/Apache/certs/apache ssl.crt & ssl.key) and replace them after cloning.

If you are not sure about location of Certificates , check following directive in Context File ( *.xml file )
web_ssl_directory
web_ssl_keyfile
web_ssl_certfile
web_ssl_certchainfile

Performance with SSL
Yes, there be little bit performance degradation with SSL as server take some time to encrypt & decrypt messages/packets between Client & Server but there will not be big performance degradation. If you can't afford performance hits because of SSL you can use
SSL Accelerators

Related Links
123718.1 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html
http://becomeappsdba.blogspot.com/2006/10/configure-ssl-or-https-for-oracle-apps.html

Post your comments on how you find this document ...
Was this useful ? Should I explain in more detail or you need step by step guide
Your Feedback & Comment is quite important in Improving Contents on this Site

http://teachmeoracle.com/forum <- Forum Dedicated to Apps DBA's

Labels: 11i, ssl

We have moved to
http://onlineAppsDBA.com
kindly check onLineAppsDBA.com in future

del.icio.us ¦

Digg This ¦ My Yahoo!

My Yahoo ¦ Reddit

Reddit ¦ add to BlinkList

BlinkList ¦ Furl It

Furl It ¦

Email This ¦ Leave Your Comments

posted by Atul Kumar @ 3:17 PM 8 Comments

We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future

Configure SSL or HTTPS for Oracle Apps 11i

Thursday, October 26, 2006

Yesterday we looked at SSL overview in Oracle Applications 11i, you can look at that post from link

http://becomeappsdba.blogspot.com/2006/10/overview-of-ssl-in-oracle-applications.html

Lets continue with where we left yesterday

What happens when we enable SSL in Oracle Web Server ?
I am assuming that SSL is already enabled at web server , so you type url with protocol as https (where s stands for Secure ), web server understand that this is SSL request so Web Server sends its certificates back to client stating its identity & with that its send a Public key which your browser use to encrypt & decrypt message send by Web Server . Web Server uses its private key(known to itself only, stored in either wallet or ssl directory discussed later in this post) & public key(key which is known to everyone) to encrypt & decrypt messages. SSL has build in feature which assures that data is not tempered with its from valid source . If you don't understand all this at this minute don't worry you still can configure SSL. This entire concept is called as PKI (Publick Key Infrastructure)

Myth about SSL Port in webserver ?
Do I need to only Use on port 443 for Web Server SSL Port ?? not at all , port 443 is standard port for HTTPS as port 80 for HTTP. You can use HTTPS on any port as long as port is listening for HTTPS requests .

Overview of Steps in configuring SSL over Web Server in Oracle Apps 11i ?
I am mentioning over view of configuring SSL on web server in Oracle Applications (If you wish to configure SSL for Forms Server & Database Servers ) Steps mentioned here are for Autoconfig Enabled system & Apache 1.0.2.2.2 and higher (If you are not aware of your Apache/httpd version check here http://teachmeoracle.com/version.html)
1. Create your SSL Certificates (I'll cover later how to generate SSL certificates for Web Server)
2. Configure SSL parameters for web server variables via OAM or by changing Context File (xml file in APPL_TOP) These parameters I'll discuss shortly.
3. Copy SSL Certificates created in step1 above, in SSL directories (Discussed Later) or Wallets (If you are using Oracle Wallets to store your certificates)
4. Run Autoconfig to take new parameters to take into effect
5. Test Applications with SSL

Please note that above steps are for implementing SSL only on Web Server there are additional steps if you want to configure SSL on Form Server & Database Server . (I am not mentioning them here as this is not common)

What is meant by creating SSL Certificates ?
You remember above I discussed that server sends its certificates (public) to browser & uses private key to encrypt & decrypt messages . So steps in creating Certificates are
1. Create Private key using openssl
2. Create certificate request using private key created above
3. Submit request file to Certifying Authority like verisign
4. Get Certificates from certifying Authority (CA)
If you are testing SSL you can use test certificates supplied with Web Server

What are various parameters in XML file (CONTEXT File) w.r.t. SSL ?
s_web_ssl_directory - Directory where SSL certificates are stored
s_url_protocol - https means you are using ssl (Default is http)
s_local_url_protocol - change it to https for SSL
s_webssl_port - Apache SSL port
s_active_webport - same as s_webssl_port
s_webport - same as s_webssl_port

Lot more coming in next post on configure SSL with Oracle Apps 11i....

Labels: 11i, ssl

We have moved to
http://onlineAppsDBA.com
kindly check onLineAppsDBA.com in future

del.icio.us ¦

Digg This ¦ My Yahoo!

My Yahoo ¦ Reddit

Reddit ¦ add to BlinkList

BlinkList ¦ Furl It

Furl It ¦

Email This ¦ Leave Your Comments

posted by Atul Kumar @ 8:56 PM 6 Comments

We have moved to http://onlineAppsDBA.com kindly check http://onlineAppsDBA.comin future

Overview of SSL in Oracle Applications 11i

Wednesday, October 25, 2006

Today I am going to cover overview of SSL & various components of oracle Apps in which you can configure SSL.

If you encounter any Issues or got any doubts w.r.t. Oracle Applications create a Thread in Oracle Apps Forum at http://teachmeoracle.com/forum

What is SSL ?
SSL stands for Secure Socket Layer which is protocol developed by Netscape. Data Transferred between Server & Client is Secured (Encrypted)

Why I need a SSL in Oracle Applications ?
Usually data transmitted between client machine & server (Web Server on http protocol & Forms Server on Sockets ) is clear text packets. Any one can put Packet Sniffer between Client machine & Server & can open & read all data transaction between your machine & Server (If he/she has network access) Hacker can get your Username/Password or any sensitive data. This become critical when you have Internet access to Oracle Applications 11i (Usually Self Service Implementation)

Where I need to configure SSL in Apps ?
Communication between Client & Oracle Applications happen via three components.
--Oracle Web Server (Initial Connection & all self service access is via Web Server/Apache). If your Form Server is in servlet Mode then Core Applications are also accessed via Web Server (Jserv Component)
--Oracle Form Server : For Core Oracle Application Access (Forms)
--Database : You access web server which in turn talks to database Server via UTL_HTTP package via dad (/pls/$SID)

So You enable SSL on particular component depending on your requirement & component which is accessible over Internet & should be secured. You can Implement across all three component or only one or any two.

What is common deployment for Internet Facing Oracle Applications ?
Though you can configure SSL for Web, Forms & database for extra Security but Usually most prone & Internet facing component is Web Server (For Self Service Applications) so common trend is to Enable SSL between Client Machine & Web Server (Apache) in Oracle Applications.

What will happen w.r.t. Data communication after enabling SSL ?
By default you access Applications over HTTP (Hyper Text Transfer Protocol) but after enabling SSL on web server you will access via HTTPS (Secure) . Data will be encrypted at one end & decrypted at other end.

More on
How Data Encryption Happens ....
Is there any performance overheads ....
What is openssl & oracle Wallets ...
How to configure SSL in Oracle Apps 11i ...
and lot more on SSL coming in Next Post

Those of you who want to raise questions/doubts problems , can now do same via Forum http://teachmeoracle.com/forum (Dedicated to Apps DBA, for Fast Response from some of Best Apps DBA's). Check others doubts & you can answer them.

Labels: 11i, ssl

We have moved to
http://onlineAppsDBA.com
kindly check onLineAppsDBA.com in future

del.icio.us ¦

Digg This ¦ My Yahoo!

My Yahoo ¦ Reddit

Reddit ¦ add to BlinkList

BlinkList ¦ Furl It

Furl It ¦

Email This ¦ Leave Your Comments

posted by Atul Kumar @ 3:43 PM 3 Comments

About Me

Name: Atul Kumar
Home: London, United Kingdom

About Me: I am Independent Oracle consultant. If you wish to hire me on Contract or to Quote on project basis contact me at
atul @ onlineappsdba.com

See my complete profile

E-mail Subscription

http://onlineAppsDBA.com

http://onlineAppsDBA.com

http://onlineAppsDBA.com

Recent Comments