Oracle9i Application Server Installation Guide Release 1.0.2 for Windows NT Part Number A86240-01
This appendix describes the method of enabling SSL for Apache. The following topics guide you through the necessary steps:
Perform the following steps to generate a certificate request:
openssl.cnf
file to generate the certificate request:
#
#OpenSSL example configuration file
#This is mostly being used for generation of certificate requests.
#
#This definition stops the following lines choking if HOME isn't defined.
HOME =
RANDFILE=$ENV::HOME/.rnd
oid_section=new_oids
Use the commands below to generate the certification request:
...\Apache\open_ssl\bin\openssl md5 * > rand.dat
...\Apache\open_ssl\bin\openssl genrsa -rand rand.dat -des3 1024 > key.pem
...\Apache\open_ssl\bin\openssl req -new -key key.pem -out csr.pem -config openssl.cnf
When you run the final command, a certificate request is generated. The following is an example of a certification request:
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: California
Locality Name (eg, city) []: Redwood Shores
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Oracle
Organizational Unit Name (eg, section) []: EITQA
Common Name (eg, YOUR name) []: pdarshan-pc.us.oracle.com
Email Address []: username@oracle.com
Please enter the following "extra" attributes to be sent with your certification request:
A challenge password []:
An optional company name []:
Be sure to take note of the following:
csr.pem
file.
portalcert.crt
.
Be sure that you get the Root Trial CA certificate by going to the URL mentioned in the Certificate Authority email. Export that certificate from the browser to a file named rootcacert.crt.
Make the following changes to the httpd.conf file to enable SSL:
#
# This port is used when starting without SSL
Port 80
# This port is used when starting with SSL
<IfDefine SSL>
Port 80
Port 443
</IfDefine>
##
##SSL Support
##
##When we also provide SSL we have to listen to the standard HTTP port
##(see above) and to the HTTPS port
##
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
##
##SSL Virtual Host Context
##
<VirtualHost _default_:443>
SSLCertificateFile
and make this entry as below pointing to your certificate that came from the certificate authority. This is illustrated in the following example:
SSLCertificateFile conf\ssl.crt\portalcert.crt
Entry for Server Private Key:
SSLCertificateKeyFile conf\ssl.key\key.pem
Entry for Server Certificate Chain: (The Root Trial CA Certificate)
Entry for Certificate Authority (CA): as below
#Certificate Authority (CA):
#Set the CA certificate verification path where to find CA
#certificates for client authentication or alternatively one
#huge file containing all of this (file must be PEM encoded).
#Note: Inside SSLCACertificatePath you need hash symlinks
#to point to the certificate files. Use the provided
#Makefile to update the hash symlinks after changes.
#SSLCACertificateFile conf\ssl.crt\ca-bundle.crt
SSLCACertificatePath conf\ssl.crt
SSLCACertificateFile conf\ssl.crt\rootcacert.crt
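A check for the httpd.conf edits described above, as an added example that is not part of Oracle's guide: it walks the file's sections and reports when one of the three certificate directives is missing, commented out, duplicated or run into its path, and whether Listen 443 sits inside <IfDefine SSL>. The function names and the sample configuration are constructed for illustration.

```python
import re
# Directives the appendix sets inside <VirtualHost _default_:443>.
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCACertificateFile")

def active_directives(conf):
    """Yield (enclosing sections, name, value) for each uncommented directive."""
    stack = []
    for line in (raw.strip() for raw in conf.splitlines()):
        if line.startswith("</"):
            del stack[-1:]                      # leave the innermost section
        elif line.startswith("<"):
            stack.append(line.strip("<>").strip())
        elif line and not line.startswith("#"):
            name, value = (line.split(None, 1) + [""])[:2]
            yield tuple(stack), name, value

def audit(conf):
    """Return findings; an empty list means the SSL edits look complete."""
    findings, seen, listen_ok = [], set(), False
    for stack, name, value in active_directives(conf):
        listen_ok |= (name == "Listen" and value == "443" and "IfDefine SSL" in stack)
        if not any(re.fullmatch(r"VirtualHost\s+\S*:443", s) for s in stack):
            continue
        fused = re.match(r"(SSL\w+)[\\/]", name)  # directive run into its path
        if fused:
            findings.append(f"missing space after {fused.group(1)}")
        elif name in REQUIRED and name in seen:
            findings.append(f"{name} is set more than once")
        elif name in REQUIRED:
            seen.add(name)
    if not listen_ok:
        findings.append("no 'Listen 443' inside <IfDefine SSL>")
    return findings + [f"{d} not set in :443 vhost" for d in REQUIRED if d not in seen]

# Constructed sample with typical hand-editing slips (raw string keeps the backslashes).
SAMPLE = r"""
<IfDefine SSL>
Listen 443
</IfDefine>
<VirtualHost _default_:443>
SSLCertificateFile\conf\ssl.crt\portalcert.crt
#SSLCertificateKeyFile conf\ssl.key\key.pem
SSLCACertificateFile conf\ssl.crt\ca-bundle.crt
SSLCACertificateFile conf\ssl.crt\rootcacert.crt
</VirtualHost>
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Directive names are matched case-sensitively here, which is stricter than Apache itself.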
Copyright © 2000 Oracle Corporation. All Rights Reserved.