Tuesday, March 15, 2011

OHS11g- Using OpenSSL for enabling SSL for Oracle HTTP Server

If you want to use an OpenSSL-based certificate for enabling SSL on Oracle HTTP Server for POC purposes, here are the steps to do that. OHS does come with a test certificate.


1. Create a Wallet using Wallet Manager, which gets installed when you install OHS. Create a certificate request. For the request you need to put the web server host in the CN, since we are getting this certificate for the web server. Save the Wallet, and while saving select Auto Login. When saved it will create two files, cwallet.p12 and cwallet.sso


2. Export the Certificate Request from Wallet Manager. The Export option is available in the menu. Our request has been exported into the certreq.req file stored on c:\


3. Install OpenSSL. You can get the latest version from openssl.org


4. Generate the key by issuing the command below

openssl genrsa -out privkey.pem

Make sure that when issuing this command you don't include the -des3 option. That option would force you to enter the password every time, and OHS will not start.


5. Now generate the Root CA which will sign our request

openssl req -new -x509 -key privkey.pem -out cacert.crt -days 1095



6. Sign the request using the above CA

openssl x509 -req -in c:\certreq.req -CA cacert.crt -CAkey privkey.pem -CAcreateserial -out cert.crt
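As an added example that is not part of the original post, the script below reproduces steps 4 to 6 with a constructed CSR standing in for the one exported from Wallet Manager, then verifies the signed certificate before it is imported into the wallet in step 7. It goes slightly beyond the post by passing an explicit -days (openssl x509 -req otherwise defaults to 30 days) and a subjectAltName matching the CN; the host name, the working directory and the sign_and_verify function are assumptions, and the openssl CLI is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is on PATH.
# sign_and_verify HOST DIR DAYS: build a throw-away root CA in DIR, sign a CSR
# for HOST with it, and return 0 only if the result chains to the CA, carries
# HOST as its CN, and is valid for the requested number of days.
sign_and_verify() {
  host="$1"; dir="$2"; days="$3"
  mkdir -p "$dir" || return 1

  # Step 4: CA private key. No -des3, so nothing ever prompts for a passphrase.
  openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null || return 1

  # Step 5: self-signed root CA certificate (-subj avoids the interactive prompts)
  openssl req -new -x509 -key "$dir/privkey.pem" -out "$dir/cacert.crt" \
    -days 1095 -subj "/CN=POC Root CA" 2>/dev/null || return 1

  # Constructed stand-in for the request exported from Wallet Manager in step 2;
  # the web server host goes in the CN, exactly as the post says.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
    -out "$dir/certreq.req" -subj "/CN=$host" 2>/dev/null || return 1

  # Step 6: sign the request. -days is explicit because `openssl x509 -req`
  # defaults to 30 days; the extension file adds a SAN matching the CN.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/certreq.req" -CA "$dir/cacert.crt" \
    -CAkey "$dir/privkey.pem" -CAcreateserial -days "$days" \
    -extfile "$dir/san.ext" -out "$dir/cert.crt" 2>/dev/null || return 1

  # Checks worth running before importing into the wallet (step 7): the chain
  # verifies, the CN is the web server host, and the certificate is still
  # valid one day short of the requested horizon.
  openssl verify -CAfile "$dir/cacert.crt" "$dir/cert.crt" >/dev/null 2>&1 || return 2
  openssl x509 -in "$dir/cert.crt" -noout -subject | grep -q "CN *= *$host" || return 3
  openssl x509 -in "$dir/cert.crt" -noout -checkend $(( (days - 1) * 86400 )) \
    >/dev/null 2>&1 || return 4
  return 0
}
```

The non-zero return codes tell you which check failed, which is useful when a CSR exported from a wallet with the wrong CN gets signed by mistake.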

7. Now import the Root Certificate (cacert.crt) and the generated certificate (cert.crt) into Wallet Manager. You need to import the root cert first.


8. If you want to keep the wallet in the default location, you can move your wallet to the location below (this will overwrite the existing wallet). Move both the cwallet.p12 and cwallet.sso files:

${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default


Note: Make sure that when you save the wallet "Auto Logon" is checked for the wallet.


9. Start OHS and try accessing it over the SSL port. You should see the newly created certificate used for SSL.


Note: If you want to keep your wallet in a non-default location, you need to point OHS to the directory which has the wallet. E.g. assuming the wallet is stored in the c:\wallet directory, open the ssl.conf file and change the line

SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
to
SSLWallet "c:/wallet"



2 comments:

Anonymous said...

hi,
Thanks a lot for the useful post..

in my case through the wallet we have generated a .csr request & sent it to the CA for approval...he sent root.crt & user.crt and I imported both successfully into my wallet..

my query is
"I didn't generate any private key here" & my client asks me to provide the key

But without a key he authenticated my .csr & he forwarded the certificates !!

On the wallet, key generation is not required for third-party wallets !!

Pls help

Anonymous said...

The private key can be retrieved from the wallet. If you have an Oracle support account, one or both of the following may solve your issue:

How To Extract A Private Key and Certificate From A Wallet in Fusion Middleware 11g ID 1087516.1

How To Extract A Private Key and Certificate From A Wallet in Oracle Application Server 10g ID 463491.1