Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01
This chapter explains how to configure Oracle Web Conferencing for SSL. The setup is different depending on whether you have a single-box installation or a distributed installation. Refer to one of the following sections depending on your environment:
For iMeeting to work properly, you may require a second dedicated IP address.
See Also: Oracle Web Conferencing Administrator's Guide
This is required only if you use ports 443 and 80 on the Middle Tier setup. In the example described in this document, port 443 has been used on the Middle Tier for Oracle9iAS Single Sign-On, so this port cannot be used. Therefore, a virtual host must be created, and the IP address on the virtual host must be externally resolvable.
To set up MOD_IMEETING:
Set up an alias with a new DNS-registered IP address.
Log in as root, and enter the following commands as illustrated in the following example. Note that this example is specific to a Linux environment:

$> su root
Password: your password
/sbin/ifconfig eth0:0 ip_address
/sbin/route add -host ip_address hostname eth0:0

If you type /sbin/ifconfig on the command prompt, then the following is displayed:

eth0      Link encap:Ethernet  HWaddr 00:06:5B:F8:06:32
          inet addr:144.20.172.61  Bcast:144.20.173.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104768 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:16888694 (16.1 Mb)  TX bytes:25845123 (24.6 Mb)
          Interrupt:28

eth0:0    Link encap:Ethernet  HWaddr 00:06:5B:F8:06:32
          inet addr:144.20.172.172  Bcast:144.20.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:28
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0
Configure the Oracle HTTP Server on the Middle Tier home to include the virtual host settings.
Add another virtual host in the <IfModule mod_ossl.c> section for the second IP address, as illustrated in the following example:

<VirtualHost second-ip-address:443>
ServerName <if a hostname alias is created for second-ip-address (optional)>
Port 443
SSLEngine on
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSLWallet <wallet file location: You can set it for the same wallet as the wallet used for ssl on primary IP-address>
Listen second-ip-address:443
</VirtualHost>
Ensure that the virtual host enabled for SSL on the primary IP address is listening on primary-ip-address:443 (and not 443 only).
Also set the Infrastructure httpd.conf file to only listen on the main address of the Middle Tier, middletierhostname. By default, the Infrastructure listens on all addresses.
Restart Oracle HTTP Server by running the following command:
dcmctl restart -ct ohs
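The following added example (not part of the Oracle guide) audits an httpd.conf fragment for two points from the steps above: SSLCipherSuite entries that are weak by current standards, and Listen directives that name only a port instead of ip-address:port. The sample configuration and its 192.0.2.x addresses are constructed, and the weakness labels are general cryptographic facts rather than Oracle statements.

```python
import re

# Name fragments mapped to why a suite is weak (general cryptographic
# knowledge, not statements from the Oracle guide).
WEAK_MARKERS = [
    ("EXPORT", "export-grade 40-bit key"),
    ("_DES_CBC", "single DES, 56-bit key"),
    ("RC4", "RC4 (prohibited in TLS by RFC 7465)"),
    ("3DES", "3DES, 64-bit block size"),
    ("MD5", "MD5-based MAC"),
]

def audit_conf(conf_text):
    """Flag weak SSLCipherSuite entries per virtual host and bare-port Listen lines."""
    vhosts = {}
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>",
                        conf_text, re.S | re.I)
    for addr, body in blocks:
        m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", body, re.M | re.I)
        weak = {}
        for suite in (m.group(1).split(":") if m else []):
            reasons = [why for frag, why in WEAK_MARKERS if frag in suite.upper()]
            if reasons:
                weak[suite] = reasons
        vhosts[addr.strip()] = weak
    # "Listen 443" binds every address; the page asks for ip-address:443.
    listens = re.findall(r"^\s*Listen\s+(\S+)", conf_text, re.M | re.I)
    return {"vhosts": vhosts, "bare_listen": [v for v in listens if ":" not in v]}

# Constructed sample: addresses are documentation placeholders; the second
# virtual host carries the cipher list shown in the example above.
SAMPLE_CONF = """
Listen 443
<VirtualHost 192.0.2.10:443>
SSLEngine on
SSLCipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLEngine on
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Listen 192.0.2.11:443
</VirtualHost>
"""

if __name__ == "__main__":
    report = audit_conf(SAMPLE_CONF)
    for addr, weak in report["vhosts"].items():
        for suite, reasons in weak.items():
            print(f"{addr}  {suite}: {'; '.join(reasons)}")
    for value in report["bare_listen"]:
        print(f"Listen {value} binds all addresses; use ip-address:{value}")
```

Every suite in the documented list is flagged. Which stronger suites are available depends on the Oracle HTTP Server release, so consult the mod_ossl documentation for the installed version before changing the list.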
Create a script in the $Midtier_ORACLE_HOME/imeeting/bin/scripts directory with the following entries:

vi $Midtier_ORACLE_HOME/imeeting/bin/scripts/mysetup.imt

setproperty -pname ApacheProtocolSecure -pvalue false
setproperty -pname ApacheTunnelHost -pvalue WebcacheHOSTNAME
setproperty -pname ApacheTunnelPort -pvalue 443
setproperty -pname ApacheWebHost -pvalue WebcacheHOSTNAME
setproperty -pname ApacheWebPort -pvalue 80
setproperty -pname ApacheWebSecurePort -pvalue 443
setproperty -pname GlobalWebHost -pvalue WebcacheHOSTNAME
setproperty -pname GlobalWebPort -pvalue 80
setproperty -pname MxWalletLocation -pvalue /u02/mtier/Apache/Apache/conf/ssl.wlt/default
setProperty -ct mxcomm -pname SrvNumProcs -pvalue 1
setProperty -ct clbsvr -pname SrvNumProcs -pvalue 4
setProperty -ct mxcomm -pname MxListenPort -pvalue "[\"2400\"]"
setProperty -ct mxcomm -pname MxRedirectPort -pvalue "[\"2420\"]"
After you create the script, run it by using the following command:
$ORACLE_HOME/imeeting/bin/scripts> ../imtctl <../scripts/mysetup.imt
Test the setup.
The runtests output should look like this for a basic setup:
imtctl>runtests
Instance - mtier.WebcacheHOSTNAME:
TEST NAME SUCCESS
mtgtest true
voiceconvtest false
docconvtest false
dbtest true
apptest true
mxmodtest true
proxytest false
emailtest false
Besides SSL, you must change the following for the Web client application:
Update the file $ORACLE_HOME/j2ee/OC4J_UM/config/oc4j.properties:

oracle.mail.Portlet.httpsToWebmail=true
You must stop and restart the Middle Tier processes after you complete the procedure.
$ORACLE_HOME/opmn/bin/opmnctl stopall
$ORACLE_HOME/opmn/bin/opmnctl startall
For Oracle Web Conferencing to work properly with SSL and standard ports, make the following changes:
On the Middle Tier host, change to the $ORACLE_HOME/imeeting/bin/ directory and run the following commands:

setproperty -pname ApacheProtocolSecure -pvalue true
setproperty -pname ApacheWebPort -pvalue 80
setproperty -pname ApacheWebSecurePort -pvalue 443
setproperty -pname ApacheWebHost -pvalue MidtierHostname
setproperty -pname MxWalletLocation -pvalue $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default

MxWalletLocation should reflect the location of your certificate.
After this is completed, stop and start Oracle Web Conferencing:
$ORACLE_HOME/imeeting/bin/imtctl stop
$ORACLE_HOME/imeeting/bin/imtctl start
Stop and restart the Middle Tier processes:
$ORACLE_HOME/opmn/bin/opmnctl stopall
$ORACLE_HOME/opmn/bin/opmnctl startall
Test the setup.
The runtests output should look like this for a basic setup:
imtctl> runtests
Instance - MidtierHostname.DomainName:
TEST NAME SUCCESS
mtgtest true
voiceconvtest false
docconvtest false
dbtest true
apptest true
mxmodtest true
proxytest false
emailtest false