Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01
This chapter explains how to configure SSL connections to the Application Server Single Sign-On Server Administration interface, which resides in the Infrastructure tier.
This involves the following high-level steps:
Section 5.1, "Enabling SSL for the Oracle9iAS Single Sign-On HTTP Server"
Section 5.3, "Configuring the Oracle9iAS Single Sign-On URLs for HTTPS"
The file $ORACLE_HOME/Apache/Apache/conf/httpd.conf on the Infrastructure tier is used to configure the HTTP Server for SSL, where $ORACLE_HOME is the directory where the Oracle Collaboration Suite Infrastructure is installed.
To enable SSL on the Oracle9iAS Single Sign-On HTTP Server:
Open the $ORACLE_HOME/Apache/Apache/conf/httpd.conf file on the Infrastructure tier.
Within this file, the SSL parameters reside within a VirtualHost definition. You must change the Port directive from 4443 to 443 and the ServerName directive to webcacheipaddress (for a single-box installation) or infratierhostname (for a distributed installation). See the following example:
<VirtualHost _default_:443>
ServerName webcacheipaddress|infratierhostname
Port 443
SSLEngine on
SSLVerifyClient none
</VirtualHost>
After making these changes in the httpd.conf file, run the Distributed Configuration Management (DCM) utility to update your configurations and then restart the server. Run the following commands on the Infrastructure server:
dcmctl updateconfig -d -v
dcmctl stop -ct ohs
dcmctl start -ct ohs -v
To configure the plsql module for SSL, environment variables need to be added to the database access descriptor (DAD) of the Single Sign-On server. Open the dads.conf file, located at $ORACLE_HOME/Apache/modplsql/conf/dads.conf on your Infrastructure server.
Add the following parameters to the end of the <Location /pls/orasso> container, using webcacheipaddress for a single-box installation or infratierhostname for a distributed installation:
PlsqlCGIEnvironmentList SERVER_NAME=webcacheipaddress|infratierhostname
PlsqlCGIEnvironmentList SERVER_PORT=443
PlsqlCGIEnvironmentList REQUEST_PROTOCOL=https
PlsqlCGIEnvironmentList HTTP_HOST=webcacheipaddress|infratierhostname:443
</Location> #Do not insert this line. It already exists, shown for reference only
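The following check is an added example, not part of the Oracle documentation or tooling: it confirms that all four PlsqlCGIEnvironmentList entries sit inside the /pls/orasso container and agree on the host name. The function names, the sample file contents and the host sso.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): lint the /pls/orasso DAD for the four
# SSL-related entries. Function names and the sample host are assumptions.

# Print the non-comment lines inside <Location /pls/orasso> ... </Location>.
orasso_block() {
    awk '
        /^[ \t]*<Location[ \t]+\/pls\/orasso>/ { inside = 1; next }
        inside && /^[ \t]*<\/Location>/        { inside = 0 }
        inside && !/^[ \t]*#/                  { print }
    ' "$1"
}

# Return 0 when every expected entry is present for HOST; otherwise report
# each missing entry on stderr and return 1.
check_dad_ssl() {
    dads=$1 host=$2 rc=0
    block=$(orasso_block "$dads")
    for want in "SERVER_NAME=$host" "SERVER_PORT=443" \
                "REQUEST_PROTOCOL=https" "HTTP_HOST=$host:443"; do
        if ! printf '%s\n' "$block" |
             awk -v w="$want" '$1 == "PlsqlCGIEnvironmentList" && $2 == w { ok = 1 }
                               END { exit !ok }'
        then
            echo "missing in /pls/orasso: PlsqlCGIEnvironmentList $want" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample dads.conf for the demonstration (not a real installation).
write_sample() {
    cat > "$1" <<EOF
<Location /pls/orasso>
  SetHandler pls_handler
  PlsqlCGIEnvironmentList SERVER_NAME=$2
  PlsqlCGIEnvironmentList SERVER_PORT=443
  PlsqlCGIEnvironmentList REQUEST_PROTOCOL=https
  PlsqlCGIEnvironmentList HTTP_HOST=$2:443
</Location>
EOF
}

sample=$(mktemp)
write_sample "$sample" sso.example.test
check_dad_ssl "$sample" sso.example.test && echo "dads.conf: SSL environment complete"
rm -f "$sample"
```

On a real system, pass $ORACLE_HOME/Apache/modplsql/conf/dads.conf and the host name used in the ServerName directive; a mismatch between the two files shows up as missing SERVER_NAME and HTTP_HOST entries.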
To enable the Oracle9iAS Single Sign-On server for SSL, all references to HTTP in the Oracle9iAS Single Sign-On URLs must be changed to HTTPS. The script ssocfg.sh is provided for this purpose. Run this script on your Infrastructure tier as follows:
Ensure that your LD_LIBRARY_PATH environment variable is updated as follows:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib:$ORACLE_HOME/jlib
export LD_LIBRARY_PATH
Run the ssocfg.sh script as follows, supplying either webcacheipaddress (for a single-box installation) or infratierhostname (for a distributed installation):
$ORACLE_HOME/sso/bin/ssocfg.sh https webcacheipaddress|infratierhostname 443
Restart the server for the changes to take effect by running the following commands:
opmnctl stopall
opmnctl startall
Access the following URL to ensure that you can access the Oracle9iAS Single Sign-On Administration over SSL:
For a single-box installation:
https://webcacheipaddress/pls/orasso
For a distributed installation:
https://infratierhostname/pls/orasso