Skip Headers
Oracle® Beehive Installation Guide
Release 1 (1.4) for Solaris Operating System (SPARC 64-Bit)

Part Number E13793-02
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

22 Enabling AJPS

This module describes how to enable (and disable) secure Apache JServ Protocol (AJPS), so that it could be used instead of HTTP for communication between Oracle HTTP Server and OC4J.

By default, AJPS is not enabled when you install Oracle Beehive.

This module covers the following topics:

Enabling AJPS

These steps involve creating wallets and certificates. Because both of these are specific to an Oracle Beehive instances, you must perform the following steps on every Oracle Beehive instance:

  1. Create a keystore with an RSA private/public key pair using the keytool utility.


    A keystore stores certificates, including the certificates of all trusted parties, for use by an application. Through its keystore, an entity such as OC4J (for example) can authenticate other parties, as well as authenticate itself to other parties. (Oracle HTTP Server uses a wallet for the same purpose.

    In Java, a keystore is a instance that you can create and manipulate using the keytool utility that is provided with the Sun Microsystems JDK. The underlying physical manifestation of this object is a file.

    For more information about the keytool utility, refer to

    For additional information, refer to "Using Keys and Certificates with OC4J and Oracle HTTP Server" and "Using SSL with Standalone OC4J" in Chapter 15, "SSL Communication with OC4J" in Oracle Containers for J2EE Security Guide.

    The following example generates a keystore in a file named mykeystore.jks, which has a password of 123456, using the RSA key pair generation algorithm:

    <Oracle home>/jdk/bin/keytool -genkey -keyalg RSA
      -keystore mykeystore.jks -storepass 123456

    In this utility:

    • The keystore option sets the filename where the keys are stored.

    • The storepass option sets the password for protecting the keystore. You can optionally omit this from the command line and be prompted for a password instead.

    The keytool utility prompts you for additional information, as follows:

    What is your first and last name?
      [Unknown]:  Test User
    What is the name of your organizational unit?
      [Unknown]:  Support
    What is the name of your organization?
      [Unknown]:  Oracle
    What is the name of your City or Locality?
      [Unknown]:  Redwood Shores
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is <CN=Test User, OU=Support, O=Oracle, L=Redwood Shores, ST=CA, C=US> correct?
      [no]:  yes
    Enter key password for <mykey>
            (RETURN if same as keystore password):


    Always press RETURN for the key password. The keystore password must be the same as the key entry password.

    The mykeystore.jks file is created in the current directory. The default alias of the key is mykey.

  2. Export the certificate from the keystore you just created to a file with the keytool utility. The following example exports the certificate into a file named /home/user/cert.txt:

    <Oracle home>/jdk/bin/keytool -export -file /home/user/cert.txt
      -keystore mykeystore.jks -storepass 123456

    Ensure you specify the same password you used to create the keystore.

  3. Import the certificate file into Oracle Wallet.

    1. If you have not already done so, create a wallet and configure it for Oracle Beehive by following the steps described in "Configuring TLS with Oracle Wallet".

    2. Use Oracle Wallet Manager to import the certificate. Select Menu, Operations, Import Trusted Certificate. Save the wallet.

  4. Modify the KeystoreFile property of your Oracle Beehive instance:

    beectl modify_property
      --component <Oracle Beehive instance identifier>
      --name KeystoreFile
      --value <full path name of the keystore file>

    For example, if the identifier of your Oracle Beehive instance is and the full path name of your keystore file is /home/user/cert.txt, then run the following command:

    beectl modify_property
      --name KeystoreFile
      --value /home/user/cert.txt

    To retrieve the identifier of your Oracle Beehive instance, call the following command, where is the host name of your Oracle Beehive instance:

    beectl list_properties --component
    Property name      | Property value                                    
    PrimaryHostName    |                           
    Site               | _CURRENT_SITE                                     
    AlternateHostNames |                                                   
    BeehiveInstances   |
    Alias              |                           
  5. Modify the KeystoreFilePassword property (the command will prompt you for the password):

    beectl modify_secure_property
      --component <Oracle Beehive instance identifier>
      --name KeystoreFilePassword
  6. Modify the AjpsEnabled property of the ManagedOc4jCluster object if it is false:

    beectl modify_property
      --component _CURRENT_SITE:ManagedOc4jCluster
      --name AjpsEnabled
      --value true
  7. Modify the AjpsEnabled property of the HttpServerCluster object if it is false:

    beectl modify_property
      --component _CURRENT_SITE:HttpServerCluster
      --name HttpServerSslEnabled
      --value true
  8. Commit configuration changes by calling the following beectl command:

    beectl activate_configuration


    If the beectl activate_configuration command asks you to run the beectl modify_local_configuration_files command, run this command. The command may restart your application tier.

Disabling AJPS

  1. Set the AjpsEnabled property of the ManagedOc4jCluster object to false (this example also commits configuration changes):

    beectl modify_property
      --component _CURRENT_SITE:ManagedOc4jCluster
      --name AjpsEnabled
      --value false
      --activate_configuration true
  2. Modify local files (the following command may restart the application tier):

    beectl modify_local_configuration_files