I have helped one of the reader of the Blog Sibusiso Maphalala to enable SSL on Discoverer server which is already integrated with Ebiz 11.5.10. He is working as Apps DBA in South Africa. He has kindly agreed to share his experience with the reader of the blog. I sincerely thank the Author of this article Sibusiso Maphalala for his efforts preparing document. Thank you Sibusiso. All credits go to you.
Environment:
EBusiness suite 11.5.10 installed on Sun Solaris with SSL already enabled.
BI installation of Application Server done on the same Sun Solaris Mid Tier Unix server
Same SSL sertificates used for both Ebiz and Discoverer
NOTE:
All configurations are done as the Oracle BI Installation Owner User
It is assumed that the E-Business Suite configuration is already on SSL
Make a backup copy of any files before they are edited
$ORACLE_HOME means the Discoverer Home unless otherwise stated
Step 1: Security Certificates
1) Change to $ORACLE_HOME/Apache/Apache/conf directory
2) Create the following two folders:
ssl.crt
ssl.key
3) Copy the following certificate files from the E-Business Suite installation into the new folders:
| Source Folder | Source File | Destination Folder |
| ssl.crt | server.crt | ssl.crt |
| ssl.crt | ca.crt | ssl.crt |
| ssl.key | server.key | ssl.key |
Check to ensure the ca.crt file is a valid CA Chain file, if not follow the section below to recreate the file:
From Internet Explorer:
Open the E-Business Suite Home Page.
Click on the security lock next to the URL and select “View certificates”.
On Certification Path tab
Choose the 1st Certificate in the list
Go to the Details tab
Select “Copy to File…”
Save as ca1.cer in Base-64 Format
Go Back to Certification Path tab
Choose the 2nd Certificate in the list
Go to the Details tab
Select “Copy to File…”
Save as ca2.cer in Base-64 Format
Copy the files to the Discoverer Server in the following folder:
$ORACLE_HOME/Apache/Apache/conf/ ssl.crt
Concatenate the two files into a single file by running:
cat ca1.cer ca2.cer > ca.crt
Step 2: Creating an Oracle Wallet
1) Chose a location for the new Oracle Wallet. In this installation a folder named wallet was created in $ORACLE_HOME/Apache/Apache/conf/ssl.wlt
2) From within the newly created folder run the following command to create a new Oracle Wallet and import the existing Certificates:
$ORACLE_HOME/Apache/Apache/bin/ssl2ossl –cert
where:
The parameter ssowallet determines whether the wallet is set for Auto Login or not.
3) Test the new Oracle Wallet and check the entries by running the owm command to open the wallet. The password for the wallet was set in the previous step.
Step 3: Configuration Changes for HTTP Server
1) In $ORACLE_HOME/opmn/conf/opmn.xml file set:
2) In $ORACLE_HOME/Apache/Apache/conf/httpd.conf comment out the lines listing current port numbers – this will ensure the current non-ssl ports can be used as ssl ports:
#Port 7777
#Listen 7778
3) In $ORACLE_HOME/Apache/Apache/conf/ssl.conf make the following changes in the SSL Support Section (only the lines to be changed is listed):
Listen 7778
…
….
ServerName apps01.mycompany.za
…
….
Port 7777
…
….
SSLWallet file: $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/wallet
In next article we will see webcache configuration, Disco configuration and Ebiz configuration.
Happy Sharing. Once again Thank you Sibusiso.
1 comment:
wow, where can we see this information.
Post a Comment