oracle-http-server-ohs-configure-ssl

Oracle HTTP Server (OHS) 11g and 12c : Configure SSL

This article describes how to configure SSL for Oracle HTTP Server
(OHS) 11g and 12c.
* [46]Configuration Options
* [47]Create a Wallet and Certificate
* [48]Edit ssl.conf

Related articles.
* [49]Linux HTTP Server Configuration : SSL Configuration (HTTPS)
* [50]Creating Self-Signed SSL Certificates
* [51]WebLogic Server 11g and 12c : Configure SSL for a Managed
Server

Configuration Options

Oracle HTTP Server (OHS) is an Apache HTTP Server with some extra
modules included, so we can take the normal approach of configuring SSL
like any other Apache server, as described in this article.
* [52]Linux HTTP Server Configuration : SSL Configuration (HTTPS)

By default OHS uses a wallet containing a demo certificate to enable
HTTPS. We should replace this demo certificate with a self-signed
certificate or a certificate from a certificate authority. This article
will describe replacing the demo certificate with self-signed
certificate.

Create a Wallet and Certificate

The following article includes a number of methods for creating
certificates, keystores and wallets.
* [53]Create Self-Signed SSL Certificates : orapki (Oracle)

Here is an example of creating a wallet containing a self-signed
certificate.
mkdir -p ~/wallet
cd ~/wallet

$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123
-auto_login

$MW_HOME/oracle_common/bin/orapki wallet add -wallet ./ -pwd WalletPasswd123 \
-dn "CN=`hostname`, OU=Example Department, O=Example Company, L=Birmingham, ST
=West Midlands, C=GB" \
-keysize 1024 -self_signed -validity 3650

If you have an existing JKS keystore used to SSL enable WebLogic
managed servers, you can create a wallet from it with the following
commands.
mkdir -p ~/wallet
cd ~/wallet

$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123
-auto_login

$MW_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd WalletPas
swd123 \
-keystore ~/keystore/identity.jks -jkspwd KeystorePassword123

Edit ssl.conf

Edit the "$INSTANCE_HOME/ssl.conf" file, making the following changes.
From:
SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/i
nstances/${COMPONENT_NAME}/keystores/default"
To:
#SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/
instances/${COMPONENT_NAME}/keystores/default"
SSLWallet "/home/oracle/wallet"


From:
#SSLCipherSuite ...........
To:
#SSLCipherSuite ...........
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!DES:!DHE:!RSA

You must restart OHS for the changes to take effect.
$DOMAIN_HOME/bin/stopComponent.sh ohs1
$DOMAIN_HOME/bin/startComponent.sh ohs1

For more information see:
* [54]Linux HTTP Server Configuration : SSL Configuration (HTTPS)
* [55]Creating Self-Signed SSL Certificates
* [56]WebLogic Server 11g and 12c : Configure SSL for a Managed
--------------------------
Source .... : https://oracle-base.com/articles/12c/oracle-http-server-ohs-configure-ssl
--------------------------