DBA Hub


Oracle HTTP Server (OHS) 11g and 12c : Configure SSL

This article describes how to configure SSL for Oracle HTTP Server (OHS) 11g and 12c.

by OracleDba
1. Configuration Options

Oracle HTTP Server (OHS) is an Apache HTTP Server with some extra modules included, so we can take the normal approach of configuring SSL like any other Apache server, as described in this article.

- Linux HTTP Server Configuration : SSL Configuration (HTTPS)

By default OHS uses a wallet containing a demo certificate to enable HTTPS. We should replace this demo certificate with a self-signed certificate or a certificate from a certificate authority. This article will describe replacing the demo certificate with a self-signed certificate.
2. Create a Wallet and Certificate

The following article includes a number of methods for creating certificates, keystores and wallets.

- Create Self-Signed SSL Certificates : orapki (Oracle)

Here is an example of creating a wallet containing a self-signed certificate.

mkdir -p ~/wallet
cd ~/wallet

# Create an auto-login wallet, so OHS can open it without a password.
$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123 -auto_login

# Add a self-signed certificate. A 2048-bit key is used here, as 1024-bit RSA keys are no longer considered adequate.
$MW_HOME/oracle_common/bin/orapki wallet add -wallet ./ -pwd WalletPasswd123 \
  -dn "CN=`hostname`, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB" \
  -keysize 2048 -self_signed -validity 3650

If you have an existing JKS keystore used to SSL enable WebLogic managed servers, you can create a wallet from it with the following commands.

mkdir -p ~/wallet
cd ~/wallet

# Create an auto-login wallet, then import the keys and certificates from the JKS keystore.
$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123 -auto_login

$MW_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd WalletPasswd123 \
    -keystore ~/keystore/identity.jks -jkspwd KeystorePassword123
3. Edit ssl.conf

Edit the "$INSTANCE_HOME/ssl.conf" file, amending the following settings to these values.

   SSLProtocol -All +TLSv1
   SSLWallet  "/home/oracle/wallet"
   SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!DES:!DHE:!RSA

Depending on the components you are using, and any additional configuration you have performed, you should check the following files too.

$INSTANCE_HOME/httpd.conf
$INSTANCE_HOME/admin.conf

You must restart OHS for the changes to take effect.

$DOMAIN_HOME/bin/stopComponent.sh ohs1
$DOMAIN_HOME/bin/startComponent.sh ohs1

For more information see:

Hope this helps. Regards Tim...
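
A check to run after the steps above, as an added example that is not part of the original article: it reads the SSLProtocol, SSLCipherSuite and SSLWallet directives from ssl.conf and reports legacy protocols, a cipher list that does not exclude aNULL, a missing auto-login wallet, and wallet files accessible to group or other. The function names are hypothetical, and treating TLSv1 and TLSv1.1 as legacy is an assumption based on RFC 8996, not something stated on this page.

```shell
#!/bin/sh
# Added example (not from the original article): audit the ssl.conf directives
# and the auto-login wallet set up in this guide. Function names are hypothetical.

# Print the value of the first uncommented occurrence of a directive.
directive_value() {    # $1 = conf file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; gsub(/^[ \t]+|"/, ""); print; exit }' "$1"
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print findings for one ssl.conf; the return status is the number of findings.
audit_ohs_ssl() {      # $1 = path to ssl.conf
    findings=0
    for tok in $(directive_value "$1" SSLProtocol); do
        case $tok in
            -*) ;;     # protocol explicitly disabled
            *SSLv2|*SSLv3|*TLSv1|*TLSv1.1|*[Aa]ll)   # SSLv2/v3, TLS 1.0/1.1, or everything
                note "SSLProtocol enables legacy protocol(s): ${tok#+}" ;;
        esac
    done
    case $(directive_value "$1" SSLCipherSuite) in
        *'!aNULL'*) ;;
        *) note "SSLCipherSuite does not exclude anonymous (aNULL) suites" ;;
    esac
    wallet=$(directive_value "$1" SSLWallet)
    [ -f "$wallet/cwallet.sso" ] || note "no auto-login wallet (cwallet.sso) in '$wallet'"
    # cwallet.sso opens without a password, so file permissions are what
    # protects the private key; ewallet.p12 is password-protected but should
    # be restricted in the same way.
    for f in "$wallet/cwallet.sso" "$wallet/ewallet.p12"; do
        [ -f "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)    # group and other permission bits
        [ "$perms" = "------" ] || note "$f is accessible to group/other ($perms)"
    done
    return "$findings"
}

# Usage: sh audit.sh "$INSTANCE_HOME/ssl.conf"
if [ $# -gt 0 ]; then audit_ohs_ssl "$1"; fi
```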
