Oracle9i Application Server Installation Guide Release 1.0.2.1 for Windows NT/2000 Part Number A88726-01 |
|
This appendix describes the method of enabling SSL for Oracle HTTP Server. The following topics guide you through the necessary steps:
Perform the following steps to generate a certificate request:
openssl.cnf
file to generate the certificate request:
#
#OpenSSL example configuration file #This is mostly being used for generation of certificate requests. # #This definition stops the following lines choking if HOME isn't defined. HOME = RANDFILE=$ENV::HOME/.rnd oid_section=new_oids
Use the commands below to generate the certification request:
...\Apache\open_ssl\bin\openssl md5 *>rand.dat ...\Apache\open_ssl\bin\openssl genrsa -rand rand.dat -des3 1024>key.pem ...\Apache\open_ssl\bin\openssl req -new -key key.pem -out csr.pem -config .\openssl.cnf
When you run the final command, a certificate request is generated. The following is an example of a certification request:
Country Name (2 letter code) [AU]: US State or Province Name (full name)[Some-State]: California Locality name (eg, city) []: Redwood Shores Organization Name (eg, company) [Internet Widgits Pty Ltd}: Oracle Organizational Unit Name (eg, section) []: EITQA Common Name (eg, YOUR name) []:machine.us.oracle.com Email Address []: username@oracle.com
Please enter the following "extra" attributes to be sent with your certification request:
A challange password []: An optional company name []:
Be sure to take note of the following:
csr.pem
file.
portalcert.crt
.
Be sure that you get the Root Trial CA certificate by going to the URL mentioned in the Certificate Authority email. Export that certificate from the browser to a file named rootcacert.crt
.
Make the following changes to the httpd.conf
file to enable SSL:
# # This port is used when starting without SSL Port 80 # This port is used when starting with SSL <IfDefine SSL> Port 80 Port 443 </IfDefine> ## ##SSL Support ## ##When we also provide SSL we have to listen to the standard HTTP port ##(see above) abd to the HTTPS port ## <IfDefine SSL> Listen 80 Listen 443 </IfDefine> ## ##SSL Virtual Host Context ## <VirtualHost_default_:443>
httpd.conf
file to your certificate, search for SSLCertificateFile
and make this entry as below pointing to your certificate that came from the certificate authority. This is illustrated in the following example:
SSLCertificateFile \conf\ssl.crt\portalcert.crt Entry for Server Private Key SSLCertificateKeyFile \conf\ssl.key\key.pem Entry for Server Certificate Chain: (The Root Trial CA Certificate) Entry for Certificate Authority (CA): as below #Certificate Authority (CA): #Set the CA certificate verification path where to find CA #certificates for client authentication or alternatively one #huge file containing all of this (file must be PEM encoded). #Note: Inside SSLCACertificatePath you beed hash symlinks #to point to the certificate files. Use the provided #Makefile to update the hash symlinks after changes. #SSLCACertificateFile conf\ssl.crt\ca-bundle.crt SSLCACertificateFile conf\ssl.crt SSLCACertificateFile conf\ssl.crt\rootcacert.crt
For information on enabling SSL for Oracle9iAS Portal, refer to Oracle Portal 3.0.8 Configuration Guide.
|
Copyright © 2001 Oracle Corporation. All Rights Reserved. |
|