Oracle® Beehive Installation Guide
Release 1 (1.5) for Linux x86

Part Number E14830-05

21 Configuring TLS with Oracle Wallet

This module describes how to configure TLS (Transport Layer Security) with Oracle Wallet.

A wallet is a password-protected container that stores authentication and signing credentials, including private keys, certificates, and trusted certificates, all of which are used by SSL for strong authentication.

Oracle Wallet provides a TLS encrypted communication channel that some services support or require, such as XMPP, FTPS, and the Workflow Service. The following steps configure Oracle Beehive to use Oracle Wallet so that clients may access Oracle Beehive with a TLS connection.

Refer to the section "Changing Oracle Wallet Password" to change the password of your Oracle Wallet.

Refer to the section "Configuring TLS on Multiple Instances" if you have more than one Oracle Beehive instance.

Refer to the section "Enabling ORMIS with Password-Protected Oracle Wallet" if you want to enable Oracle Remote Method Invocation over SSL.

Step 1: Enabling Auto Login Mode for Default Wallet

  1. Ensure that the environment variable ORACLE_HOME is set to the home directory of Oracle Beehive.

  2. Enable auto login mode for the default wallet with the following command. The default password for the default wallet is welcome:

    <Oracle home>/bin/orapki wallet create
      -wallet <Oracle home>/Apache/Apache/conf/ssl.wlt/default/
      -auto_login -pwd welcome
    

    Note:

    Alternatively, you may create a new wallet with auto login mode enabled. Use the same command except specify a different directory that does not contain a wallet. You may specify any password when creating a new wallet.
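The auto login copy that orapki writes (cwallet.sso) opens without the wallet password, so file permissions are what protect the private key. The following check is an added example, not part of the Oracle guide; it assumes the standard wallet file names ewallet.p12 and cwallet.sso, and that the wallet is owned by the account that runs Oracle Beehive:

```shell
#!/bin/sh
# Added example (not Oracle's code): audit a wallet directory before
# pointing WalletDir at it. Assumes the standard wallet file names:
#   ewallet.p12 - password-protected PKCS#12 store
#   cwallet.sso - auto login copy, readable without the wallet password

# Print the group and other permission bits of a path, e.g. "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 when the directory holds an auto login wallet that only its
# owner can read or modify, 1 otherwise. Findings go to stdout.
check_wallet_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    # Step 1 of the guide enables auto login, which creates cwallet.sso.
    if [ ! -f "$dir/cwallet.sso" ]; then
        echo "FAIL: $dir has no cwallet.sso (auto login not enabled)"
        rc=1
    fi
    # Nobody but the owner should be able to replace files in the directory.
    case $(group_other_bits "$dir") in
        *w*) echo "FAIL: $dir is writable by group or other"; rc=1 ;;
    esac
    # Wallet files hold the private key: no group or other access at all.
    for f in ewallet.p12 cwallet.sso; do
        [ -f "$dir/$f" ] || continue
        bits=$(group_other_bits "$dir/$f")
        if [ "$bits" != "------" ]; then
            echo "FAIL: $dir/$f is accessible to group or other ($bits)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_wallet_dir "$1"
fi
```

Run it with the wallet directory as its only argument; a non-zero exit status means at least one FAIL line was printed.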

Step 2: Configuring Oracle Beehive Instance to Use Oracle Wallet

The following steps describe how to configure your Oracle Beehive instance to use Oracle Wallet.

  1. Run the following beectl command:

    beectl modify_property
      --component beehive_instance_<instance>.<host name>
      --name WalletDir
      --value <Oracle home>/Apache/Apache/conf/ssl.wlt/default
    

    <instance> is the instance name you specified when you installed Oracle Beehive. To retrieve the full instance name, run the command beectl list_components --type BeehiveInstance.

    <Oracle home>/Apache/Apache/conf/ssl.wlt/default is the location of the auto login wallet you configured or created previously.

  2. Activate the configuration and restart by running the following beectl command:

    beectl activate_configuration
    

    Notes:

    If the beectl activate_configuration command asks you to run the beectl modify_local_configuration_files command, run that command.

    The beectl modify_local_configuration_files command will ask you to run it on all your other instances. Do not run it on your other instances at this time. For each instance, you must perform steps 1 and 2 before running the beectl modify_local_configuration_files command.

Changing Oracle Wallet Password

Refer to "Changing the Password" in Chapter 11, "Managing Wallets and Certificates" in Oracle Application Server Administrator's Guide. This involves using Oracle Wallet Manager. Run <Oracle home>/bin/owm to start Oracle Wallet Manager.

Configuring TLS on Multiple Instances

For each instance, run all the steps required to configure TLS with Oracle Wallet.

Enabling ORMIS with Password-Protected Oracle Wallet

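ORMIS is ORMI over SSL, that is, Oracle Remote Method Invocation over Secure Sockets Layer. For more information about ORMIS, refer to "Using ORMI/SSL (ORMIS) in OC4J" in Chapter 6, "Using Remote Method Invocation" in Oracle Containers for J2EE Services Guide.

By default, Oracle Beehive is ORMIS enabled using an anonymous cipher suite. An anonymous cipher suite encrypts the connection but does not authenticate the server with a certificate.

This section covers the following topics:

  - Disable ORMIS

  - Enable ORMIS with Default SSL

  - Enable ORMIS with Password Protection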

Disable ORMIS

  1. Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to false:

    beectl modify_property
      --component _CURRENT_SITE:ManagedOc4jCluster
      --name OrmisEnabled
      --value false
    
  2. Activate the configuration:

    beectl activate_configuration
    
  3. Run the command beectl modify_local_configuration_files. This command may restart your application tier:

    beectl modify_local_configuration_files
    

Enable ORMIS with Default SSL

  1. Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to true:

    beectl modify_property
      --component _CURRENT_SITE:ManagedOc4jCluster
      --name OrmisEnabled
      --value true
    
  2. Activate the configuration:

    beectl activate_configuration
    
  3. Run the command beectl modify_local_configuration_files. This command may restart your application tier:

    beectl modify_local_configuration_files
    

Enable ORMIS with Password Protection

  1. Create a wallet as described in this module.

  2. Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to true:

    beectl modify_property
      --component _CURRENT_SITE:ManagedOc4jCluster
      --name OrmisEnabled
      --value true
    
  3. Set the WalletDir property of your Oracle Beehive instance to the path of the Oracle Wallet directory you just created. Use beectl list_components to find the component identifier of the instance, then beectl modify_property to set the value:

    beectl list_components --type BeehiveInstance
    -------------------------------------------------------
    | Component type       | Component identifier         |
    -------------------------------------------------------
    | BeehiveInstance      | beehive_instance_example.com |
    ...
    
    beectl modify_property
      --component beehive_instance_example.com
      --name WalletDir
      --value <Your wallet directory>
    Successfully stored the property for component id 
    09386579-b66c-41d7-96e6-88f44673ec55.
    
  4. Set the wallet password:

    beectl modify_secure_property
      --component <Component ID or alias of your Oracle Beehive instance; for
                 example, the previous step used beehive_instance_example.com>
      --name WalletPassword
    

    This command will prompt you for the wallet password.

  5. Activate the configuration:

    beectl activate_configuration
    
  6. Run the command beectl modify_local_configuration_files. This command may restart your application tier:

    beectl modify_local_configuration_files