Oracle9i Application Server Installation Guide
Release 1 (v220.127.116.11.2) for AIX-Based Systems, Compaq Tru64 UNIX, HP 9000 Series HP-UX, and Linux Intel
Part Number A95909-01
This appendix describes the method of enabling SSL for Oracle HTTP Server. The following topics guide you through the necessary steps:
Perform the following steps to generate a certificate request:
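# Collect seed data for the random number generator
prompt> $ORACLE_HOME/Apache/open_ssl/bin/openssl md5 * > rand.dat
# Generate the Triple DES-protected RSA private key
prompt> $ORACLE_HOME/Apache/open_ssl/bin/openssl genrsa -rand rand.dat -des3 1024 > server.pem
# Create the certificate request. It is written to its own file (server.csr here)
# so that it does not overwrite the private key in server.pem.
prompt> $ORACLE_HOME/Apache/open_ssl/bin/openssl req -new -key server.pem -out server.csr -config ./openssl.cnf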
When you run the final command, a certificate request is generated. The following is an example of a certification request:
Country Name (2 letter code) [AU]: US
State or Province Name (full name)[Some-State]: California
Locality name (eg, city) : Redwood Shores
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Oracle
Organizational Unit Name (eg, section) : EITQA
Common Name (eg, YOUR name) :machine.us.oracle.com
Email Address : email@example.com
Enter the following "extra" attributes to be sent with your certification request. This step is optional.
Be sure to take note of the following:
Be sure that you get the Root Trial CA certificate by going to the URL mentioned in the Certificate Authority email. Export that certificate from the browser to a file named rootcacert.crt. You need to put the trial CA certificate in the browser only if you are getting a trial certificate.
Make the following changes to the httpd.conf file to enable SSL:
#
# This port is used when starting without SSL
Port 7777
# This port is used when starting with SSL
<IfDefine SSL>
Port 7777
Port 7788
</IfDefine>
##
##SSL Support
##
##When we also provide SSL we have to listen to the standard HTTP port
##(see above) and to the HTTPS port
##
<IfDefine SSL>
Listen 7777
Listen 7788
</IfDefine>
##
##SSL Virtual Host Context
##
<VirtualHost _default_:7788>
To point the httpd.conf file to your certificate, search for SSLCertificateFile and set the entry as shown below, pointing to the certificate that came from the certificate authority. This is illustrated in the following example:
SSLCertificateFile .../Apache/Apache/conf/ssl.crt/server.crt
Entry for Server Private Key:
SSLCertificateKeyFile .../Apache/Apache/conf/ssl.key/server.pem
Entry for Server Certificate Chain (the Root Trial CA Certificate):
SSLCertificateChainFile .../Apache/Apache/conf/ssl.crt/rootcacert.crt
Entry for Certificate Authority (CA), as below:
#Certificate Authority (CA):
#Set the CA certificate verification path where to find CA
#certificates for client authentication or alternatively one
#huge file containing all of them (file must be PEM encoded).
#Note: Inside SSLCACertificatePath you need hash symlinks
#to point to the certificate files. Use the provided
#Makefile to update the hash symlinks after changes.
#SSLCACertificateFile conf/ssl.crt/ca-bundle.crt
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile conf/ssl.crt/rootcacert.crt
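Before starting Oracle HTTP Server with these entries, it is worth confirming that the private key, the server certificate and the CA certificate agree with each other. The script below is an added example, not part of the Oracle guide; the function names, the script name in the usage line and the OPENSSL variable are assumptions, and the file names are the ones used above.

```shell
#!/bin/sh
# Added example: consistency checks for the files httpd.conf references.
# Assumption: OPENSSL defaults to the openssl found on PATH; point it at the
# copy under $ORACLE_HOME/Apache/open_ssl/bin to use the bundled binary.
OPENSSL=${OPENSSL:-openssl}

# Print the RSA modulus of a private key ($1 = rsa) or certificate ($1 = x509).
# A key created with "genrsa -des3" prompts for its pass phrase here.
modulus_of() {
    "$OPENSSL" "$1" -noout -modulus -in "$2"
}

# Succeed only if the certificate carries the public half of this private key.
# The moduli are compared directly, so a file that fails to load can never
# produce a false match.
key_matches_cert() {    # $1 = private key, $2 = certificate
    k=$(modulus_of rsa "$1") || return 2
    c=$(modulus_of x509 "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the server certificate verifies against the CA certificate.
# The output is inspected as well as the exit status, as a guard for openssl
# builds whose exit status alone does not reflect the result (an assumption).
cert_chains_to() {      # $1 = CA certificate, $2 = server certificate
    out=$("$OPENSSL" verify -CAfile "$1" "$2" 2>&1) || return 1
    case $out in
        *"error "[0-9]*) return 1 ;;
        *": OK"*)        return 0 ;;
        *)               return 1 ;;
    esac
}

# Run both checks on the three files named in the SSL* directives.
preflight() {           # $1 = key, $2 = server certificate, $3 = CA certificate
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match key $1"; return 1; }
    cert_chains_to "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; return 1; }
    echo "OK: key, certificate and CA certificate are consistent"
}

# Usage: sh preflight.sh server.pem server.crt rootcacert.crt
if [ $# -eq 3 ]; then preflight "$@"; fi
```

A failure of the first check usually means the certificate was issued for a different request than the one generated from server.pem.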
For information on enabling SSL for Oracle9iAS Portal, refer to Oracle Portal 3.0.8 Configuration Guide.