Oracle HTTP Server (OHS) 11g and 12c : Configure SSL
This article describes how to configure SSL for Oracle HTTP Server
(OHS) 11g and 12c.
* [46]Configuration Options
* [47]Create a Wallet and Certificate
* [48]Edit ssl.conf
Related articles.
* [49]Linux HTTP Server Configuration : SSL Configuration (HTTPS)
* [50]Creating Self-Signed SSL Certificates
* [51]WebLogic Server 11g and 12c : Configure SSL for a Managed
Server
Configuration Options
Oracle HTTP Server (OHS) is an Apache HTTP Server with some extra
modules included, so we can take the normal approach of configuring SSL
like any other Apache server, as described in this article.
* [52]Linux HTTP Server Configuration : SSL Configuration (HTTPS)
By default OHS uses a wallet containing a demo certificate to enable
HTTPS. We should replace this demo certificate with a self-signed
certificate or a certificate from a certificate authority. This article
will describe replacing the demo certificate with self-signed
certificate.
Create a Wallet and Certificate
The following article includes a number of methods for creating
certificates, keystores and wallets.
* [53]Create Self-Signed SSL Certificates : orapki (Oracle)
Here is an example of creating a wallet containing a self-signed
certificate.
mkdir -p ~/wallet
cd ~/wallet
$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123
-auto_login
$MW_HOME/oracle_common/bin/orapki wallet add -wallet ./ -pwd WalletPasswd123 \
-dn "CN=`hostname`, OU=Example Department, O=Example Company, L=Birmingham, ST
=West Midlands, C=GB" \
-keysize 1024 -self_signed -validity 3650
If you have an existing JKS keystore used to SSL enable WebLogic
managed servers, you can create a wallet from it with the following
commands.
mkdir -p ~/wallet
cd ~/wallet
$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123
-auto_login
$MW_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd WalletPas
swd123 \
-keystore ~/keystore/identity.jks -jkspwd KeystorePassword123
Edit ssl.conf
Edit the "$INSTANCE_HOME/ssl.conf" file, making the following changes.
From:
SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/i
nstances/${COMPONENT_NAME}/keystores/default"
To:
#SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/
instances/${COMPONENT_NAME}/keystores/default"
SSLWallet "/home/oracle/wallet"
From:
#SSLCipherSuite ...........
To:
#SSLCipherSuite ...........
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!DES:!DHE:!RSA
You must restart OHS for the changes to take effect.
$DOMAIN_HOME/bin/stopComponent.sh ohs1
$DOMAIN_HOME/bin/startComponent.sh ohs1
For more information see:
* [54]Linux HTTP Server Configuration : SSL Configuration (HTTPS)
* [55]Creating Self-Signed SSL Certificates
* [56]WebLogic Server 11g and 12c : Configure SSL for a Managed
--------------------------
Source .... : https://oracle-base.com/articles/12c/oracle-http-server-ohs-configure-ssl
--------------------------
mercredi 21 mars 2018
oracle-http-server-ohs-configure-ssl
Inscription à :
Publier les commentaires (Atom)
Aucun commentaire:
Enregistrer un commentaire