Configuring Discoverer SSL with Ebiz - Part I

Hi Everyone,

I have helped one of the readers of the blog, Sibusiso Maphalala, to enable SSL on a Discoverer server which is already integrated with Ebiz 11.5.10. He is working as an Apps DBA in South Africa. He has kindly agreed to share his experience with the readers of the blog. I sincerely thank the author of this article, Sibusiso Maphalala, for his efforts in preparing the document. Thank you, Sibusiso. All credit goes to you.

Environment:

EBusiness suite 11.5.10 installed on Sun Solaris with SSL already enabled.
BI installation of Application Server done on the same Sun Solaris Mid Tier Unix server
Same SSL certificates used for both Ebiz and Discoverer

NOTE:

All configurations are done as the Oracle BI Installation Owner User

It is assumed that the E-Business Suite configuration is already on SSL

Make a backup copy of any files before they are edited

$ORACLE_HOME means the Discoverer Home unless otherwise stated

Step 1: Security Certificates

1) Change to $ORACLE_HOME/Apache/Apache/conf directory

2) Create the following two folders:

ssl.crt

ssl.key

3) Copy the following certificate files from the E-Business Suite installation into the new folders:

Source Folder    Source File    Destination Folder
ssl.crt          server.crt     ssl.crt
ssl.crt          ca.crt         ssl.crt
ssl.key          server.key     ssl.key

Check to ensure the ca.crt file is a valid CA chain file; if it is not, follow the section below to recreate the file:

From Internet Explorer:

Open the E-Business Suite Home Page.

Click on the security lock next to the URL and select “View certificates”.

On Certification Path tab

Choose the 1st Certificate in the list

Go to the Details tab

Select “Copy to File…”

Save as ca1.cer in Base-64 Format

Go Back to Certification Path tab

Choose the 2nd Certificate in the list

Go to the Details tab

Select “Copy to File…”

Save as ca2.cer in Base-64 Format

Copy the files to the Discoverer Server in the following folder:

$ORACLE_HOME/Apache/Apache/conf/ssl.crt

Concatenate the two files into a single file by running:

cat ca1.cer ca2.cer > ca.crt
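The check asked for above ("ensure the ca.crt file is a valid CA Chain file") can be scripted with the openssl command line before the wallet is built. The following is an added example, not part of the original post: the function names are hypothetical, it assumes openssl is on the PATH, and it builds a throwaway, constructed PKI using the page's file names so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks on the Step 1 files.

# Number of PEM certificates in a bundle; ca.crt built from ca1.cer + ca2.cer holds 2.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Succeeds only if certificate $2 chains to a self-signed root inside bundle $1.
chain_ok() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# Succeeds only if private key $2 belongs to certificate $1 (same public key).
key_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: throwaway root -> issuing CA -> server PKI in directory $1,
# written under the page's file names (ca1.cer, ca2.cer, ca.crt, server.crt, server.key).
make_demo_pki() (
  set -e; cd "$1"
  printf '[req]\ndistinguished_name=dn\n[dn]\nCN=x\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > c.cnf
  new_key() { openssl req -new -config c.cnf -newkey rsa:2048 -nodes -keyout "$1" -out "$2" -subj "$3"; }
  new_key root.key root.csr '/CN=Constructed Root CA'
  openssl x509 -req -in root.csr -signkey root.key -extfile c.cnf -extensions ca -days 2 -out ca2.cer
  new_key int.key int.csr '/CN=Constructed Issuing CA'
  openssl x509 -req -in int.csr -CA ca2.cer -CAkey root.key -CAcreateserial \
    -extfile c.cnf -extensions ca -days 2 -out ca1.cer
  new_key server.key server.csr '/CN=apps01.example.test'
  openssl x509 -req -in server.csr -CA ca1.cer -CAkey int.key -CAcreateserial \
    -days 2 -out server.crt
  cat ca1.cer ca2.cer > ca.crt        # same concatenation as in the step above
) >/dev/null 2>&1

# Demo run on the constructed files.
demo=$(mktemp -d) && make_demo_pki "$demo"
echo "certificates in ca.crt: $(count_certs "$demo/ca.crt")"
chain_ok "$demo/ca.crt" "$demo/server.crt" && echo "ca.crt: full chain, server.crt verifies"
chain_ok "$demo/ca1.cer" "$demo/server.crt" || echo "ca1.cer alone: chain incomplete"
key_matches "$demo/server.crt" "$demo/server.key" && echo "server.key matches server.crt"
rm -rf "$demo"
```

Against the real files, run chain_ok and key_matches from $ORACLE_HOME/Apache/Apache/conf with ssl.crt/ca.crt, ssl.crt/server.crt and ssl.key/server.key as arguments.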


Step 2: Creating an Oracle Wallet

1) Choose a location for the new Oracle Wallet. In this installation a folder named wallet was created in $ORACLE_HOME/Apache/Apache/conf/ssl.wlt

2) From within the newly created folder run the following command to create a new Oracle Wallet and import the existing Certificates:

$ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ../../ssl.crt/server.crt -key ../../ssl.key/server.key -cafile ../../ssl.crt/ca.crt -wallet . -ssowallet yes

where:

-cert => ../../ssl.crt/server.crt

-key => ../../ssl.key/server.key

-cafile => ../../ssl.crt/ca.crt

The parameter ssowallet determines whether the wallet is set for Auto Login or not.

3) Test the new Oracle Wallet and check the entries by running the owm command to open the wallet. The password for the wallet was set in the previous step.

Step 3: Configuration Changes for HTTP Server

1) In $ORACLE_HOME/opmn/conf/opmn.xml file set:

2) In $ORACLE_HOME/Apache/Apache/conf/httpd.conf comment out the lines listing current port numbers – this will ensure the current non-ssl ports can be used as ssl ports:

#Port 7777

#Listen 7778

3) In $ORACLE_HOME/Apache/Apache/conf/ssl.conf make the following changes in the SSL Support Section (only the lines to be changed are listed):

Listen 7778

….

ServerName apps01.mycompany.za

….

Port 7777

….

SSLWallet file:$ORACLE_HOME/Apache/Apache/conf/ssl.wlt/wallet



In the next article we will see the webcache configuration, Disco configuration and Ebiz configuration.
Happy sharing. Once again, thank you,
Sibusiso.

1 comment:

Puneet Sachar said...

wow, where can we see this information.