| Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01 |
|
|
View PDF |
| Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01 |
|
|
View PDF |
To configure SSL communications for Oracle Collaboration Suite components, you will need to create a wallet for each computer in your installation. A wallet contains the certificates needed for SSL authentication of a server. You can use Oracle Wallet Manager to create wallets for use with Oracle Collaboration Suite components.
This chapter contains the following topics:
To obtain a digital certificate from the relevant certificate authority (CA), you must submit a certificate request (CR) to the CA that uniquely identifies your server. The CA validates your CR and sends you a user certificate for your site. You need to create a wallet in Oracle Wallet Manager that contains your user certificate as well as the trusted certificate of the CA.
To generate a certificate request using Oracle Wallet Manager:
Open Oracle Wallet Manager on the Middle Tier. On UNIX, this can be done by running owm at the command prompt.
Create a new wallet.
Click Wallet, click New, and enter a password when prompted. On UNIX, the wallet is stored by default at /etc/ORACLE/WALLETS/creator_accountname
Click Yes when prompted to create a certificate request. Specify the required information in the Certificate Request dialog box. For Common Name, provide the name or alias of your site, for example, www.abc.com.
Click OK to create the CR. A message is displayed stating that the CR was created successfully. The Certificate node in the Wallet Navigator changes to Requested.
Save the wallet in a directory that can be accessed by all components that will be using the wallet.
Depending on the CA, you may need to copy the CR onto a form on the Web site of the CA or export the CR to a file.
To submit a certificate by copying the CR:
Select the Certificate node in the Wallet Navigator.
Highlight the CR text in the Certificate Request field. You must include the BEGIN NEW CERTIFICATE REQUEST and END NEW CERTIFICATE REQUEST lines.
Copy the text onto the Certificate Request form on the Web site of the CA.
To export the CR as a file:
Select Operations, and then Export Certificate Request.
Specify the name and location to save the exported CR file. A status line message confirms that the CR was successfully exported.
After the CR is exported, you can upload the file to the Web site of the CA.
After the CA has validated your CR, they will send you a user certificate for your site, either as simple text within an e-mail message or as a file. You must then import this user certificate into your wallet.
If you are using a trial Root Certificate or have chosen a CA that does not have a trusted CA certificate already installed in Oracle Wallet Manager, then you must first import the trusted CA certificate before importing your site-specific user certificate.
Importing the Trusted Certificate (if required)
To import the trusted certificate:
ClickOperations, and then Import Trusted Certificate.
Based on the format that was supplied by the CA, select either Paste the Certificate or Select the file that contains the certificate.
Select the certificate file or paste in the trusted certificate text supplied by the CA in an e-mail message.
Oracle Wallet Manager expects base-64 encoded Root Certificates. If you do not have a base-64 encoded Root Certificate, you must convert the certificate to the supported format. This is explained in the following section.
Click OK.
Changing the Trusted Certificate Format (If Necessary)
If the import of the trusted certificate fails, then it is possible that the certificate is in a format that Oracle Wallet Manager does not support. In this case, you need to convert the certificate to a supported format before importing. The easiest way to do this is through the certificate Import/Export Wizards within a browser. The following steps are for the Microsoft Internet Explorer browser.
In Microsoft Internet Explorer, select Tools and then Internet Options.
Click the Content tab.
Click Certificates....
Click the Trusted Root Certification Authorities tab.
Select Import..., and follow the steps in the wizard to import the certificate.
Highlight the newly imported certificate in the list.
Click Export..., and follow the steps of the wizard. On the Export File Format page of the wizard, select Base-64 encoded X.509.
Click Next, and give the certificate file a name.
Click Next.
Click Finish.
Importing the User Certificate of the Server
To import the user certificate:
Click Operations, and then Import User Certificate.
Based on the format that was supplied by the CA, either Paste the Certificate or Select the file that contains the certificate.
Select the certificate file or paste in the user certificate text supplied by the CA in an e-mail message.
Click OK. A status line message is displayed indicating the that the user certificate has been successfully imported.
After importing your certificates into your wallet, you must save the wallet with the AutoLogin functionality enabled. This step is required because Web Cache needs to access the wallet without supplying a wallet password. If AutoLogin is not set, then Web Cache cannot run in SSL mode.
To save the wallet with the AutoLogin functionality enabled:
In Oracle Wallet Manager, select the newly imported Trusted Certificate from the list.
Select Wallet, and then AutoLogin (if it is not already selected).
Click Wallet, and then Save.
