Oracle® Beehive Installation Guide Release 1 (1.4) for Solaris Operating System (SPARC 64-Bit) Part Number E13793-02
This module describes how to configure TLS (Transport Layer Security) with Oracle Wallet.
A wallet is a password-protected container that stores authentication and signing credentials, including private keys, certificates, and trusted certificates, all of which are used by SSL for strong authentication.
Oracle Wallet provides a TLS encrypted communication channel that some services support or require, such as XMPP, FTPS, and the Workflow Service. The following steps configure Oracle Beehive to use Oracle Wallet so that clients may access Oracle Beehive with a TLS connection.
Refer to the section "Changing Oracle Wallet Password" to change the password of your Oracle Wallet.
Refer to the section "Configuring TLS on Multiple Instances" if you have more than one Oracle Beehive instance.
Refer to the section "Enabling ORMIS with Password-Protected Oracle Wallet" if you want to enable Oracle Remote Method Invocation over SSL.
Ensure that the environment variable ORACLE_HOME is set to the home directory of Oracle Beehive.
Run the following command:
<Oracle home>/bin/orapki wallet create -wallet <Oracle home>/Apache/Apache/conf/ssl.wlt/default/ -auto_login -pwd welcome
This command creates a wallet with auto login enabled in the directory <Oracle home>/Apache/Apache/conf/ssl.wlt/default/ (which is the default wallet directory) with the password welcome.
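The following check is an added example, not part of the Oracle documentation. Because an auto-login wallet can be opened without its password, file permissions are what protect the private key; the script confirms that the two files orapki writes for an auto-login wallet (ewallet.p12 and cwallet.sso) exist and are accessible only to their owner. The function names and the WALLET_DIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle code): audit an auto-login wallet directory.
# Assumes orapki wrote ewallet.p12 (password-protected PKCS#12) and
# cwallet.sso (auto-login copy that opens without the password).

# Print the group/other permission bits of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_wallet_dir DIR
# Returns 0 when both wallet files exist and only the owner can access
# them; returns 1 otherwise. Findings are written to stdout.
check_wallet_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory: $dir"
        return 1
    fi
    for f in ewallet.p12 cwallet.sso; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING file: $dir/$f"
            rc=1
            continue
        fi
        bits=$(group_other_bits "$dir/$f")
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $dir/$f (group/other bits: $bits)"
            rc=1
        fi
    done
    # A group- or world-writable directory lets other users swap the files.
    case $(group_other_bits "$dir") in
        ?w????|????w?) echo "WRITABLE directory: $dir"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK $dir"; fi
    return "$rc"
}

# WALLET_DIR is a hypothetical variable used only by this example.
if [ -n "${WALLET_DIR:-}" ]; then
    check_wallet_dir "$WALLET_DIR"
fi
```

Run it with WALLET_DIR set to <Oracle home>/Apache/Apache/conf/ssl.wlt/default after creating the wallet and again after any change made with Oracle Wallet Manager.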
The following steps describe how to configure your Oracle Beehive instance to use Oracle Wallet.
Run the following beectl command:
beectl modify_property --component beehive_instance_<instance>.<host name> --name WalletDir --value <Oracle home>/Apache/Apache/conf/ssl.wlt/default
<instance> is the instance name you specified when you installed Oracle Beehive. To retrieve the full instance name, run the command beectl list_components --type BeehiveInstance.
Activate the configuration and restart by running the following beectl command:
beectl activate_configuration
Notes:
If the beectl activate_configuration command asks you to run the beectl modify_local_configuration_files command, run this command.
The beectl modify_local_configuration_files command will ask you to run this command on all your other instances. Do not run this command on all your other instances at this time. For each instance, you must perform steps 1 and 2 before running the beectl modify_local_configuration_files command.
To change the password of your Oracle Wallet, refer to "Changing the Password" in Chapter 11, "Managing Wallets and Certificates" in Oracle Application Server Administrator's Guide. This involves using Oracle Wallet Manager. Run <Oracle home>/bin/owm to start Oracle Wallet Manager.
If you have more than one Oracle Beehive instance, run all the steps required to configure TLS with Oracle Wallet on each instance.
ORMIS is ORMI over SSL or Oracle Remote Method Invocation over Secure Socket Layer. For more information about ORMIS, refer to "Using ORMI/SSL (ORMIS) in OC4J" in Chapter 6, "Using Remote Method Invocation" in Oracle Containers for J2EE Services Guide.
By default, Oracle Beehive is ORMIS enabled using an anonymous cipher suite.
This section covers the following topics:
Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to false and activate the configuration:
beectl modify_property --component _CURRENT_SITE:ManagedOc4jCluster --name OrmisEnabled --value false
Activate the configuration:
beectl activate_configuration
Run the command beectl modify_local_configuration_files. This command may restart your application tier:
beectl modify_local_configuration_files
Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to true and activate the configuration:
beectl modify_property --component _CURRENT_SITE:ManagedOc4jCluster --name OrmisEnabled --value true
Activate the configuration:
beectl activate_configuration
Run the command beectl modify_local_configuration_files. This command may restart your application tier:
beectl modify_local_configuration_files
Create a wallet as described in this module.
Modify the property _CURRENT_SITE:ManagedOc4jCluster:OrmisEnabled to true:
beectl modify_property --component _CURRENT_SITE:ManagedOc4jCluster --name OrmisEnabled --value true
Set the property WalletDir of your Oracle Beehive instance to the path of the Oracle Wallet directory you just created with the following beectl commands:
beectl list_components --type BeehiveInstance
-------------------------------------------------------
| Component type | Component identifier |
-------------------------------------------------------
| BeehiveInstance | beehive_instance_example.com |
...
beectl modify_property --component beehive_instance_example.com --name WalletDir --value <Your wallet directory>
Successfully stored the property for component id 09386579-b66c-41d7-96e6-88f44673ec55.
Set the wallet password:
beectl modify_secure_property --component <Component ID or alias of your Oracle Beehive instance; for example, the previous step used beehive_instance_example.com> --name WalletPassword
This command will prompt you for the wallet password.
Activate the configuration:
beectl activate_configuration
Run the command beectl modify_local_configuration_files. This command may restart your application tier:
beectl modify_local_configuration_files