Creating Wallets and Installing Certificates for Oracle HTTP Server

Oracle HTTP Server certificates are stored in Oracle Wallet. You need two wallets, which can be created using Oracle Wallet Manager.

The two signed certificates—one for external communication between Oracle HTTP Server and browsers, and the other for routing internal communication among EPM System servers—are required to support full SSL configuration. Oracle recommends that these certificates be tied to server aliases, for example, epm.myCompany.com and empinternal.myCompany.com, to prevent the exposure of server names and to enhance security. If you are not using a third-party CA known to Oracle HTTP Server, you also need the root CA certificate.

Note:

Perform this procedure on each Oracle HTTP Server host machine.

  To install Oracle HTTP Server certificate into Oracle Wallet:

  1. On the machine that hosts Oracle HTTP Server, launch the Wallet Manager.

    • Windows: Select Start, then All Programs, Oracle-OHxxxxxx, then Integrated Management Tools, and then Wallet Manager.

      xxxxxx is the Oracle HTTP Server instance number.

    • UNIX: Execute MIDDLEWARE_HOME/ohs/bin/owm to launch the Wallet Manager from the command line.

      Note:

      The Wallet Manager requires a graphical environment.

  2. Create a new, empty Wallet.

    1. In Oracle Wallet Manager, select Wallet, and then New.

    2. Click Yes to create a default wallet directory, or No to create the Wallet file in a location of your choice.

    3. In Wallet Password and Confirm Password on the New Wallet screen, enter the password that you want to use.

    4. Click OK.

    5. Click No in the confirmation dialog box.

  3. Optional: If you are not using a CA that is known to Oracle HTTP Server, import the root CA certificate into the Wallet.

    1. In Oracle Wallet Manager, right-click Trusted Certificates and select Import Trusted Certificate.

    2. Browse and select the root CA certificate.

    3. Select Open.

  4. Create a certificate request.

    1. In Oracle Wallet Manager, right-click Certificate: [Empty] and select Add Certificate Request.

    2. In Create Certificate Request screen, enter the required information.

      For common name, enter the fully qualified server alias; for example, epm.myCompany.com or epminternal.myCompany.com, available in the hosts file on your system.

    3. Click OK.

    4. Click OK in the confirmation dialog box.

    5. Right-click the certificate request that you created and select Export Certificate Request.

    6. Specify a name for the certificate request file.

  5. Using the certificate request files, obtain signed certificates from the CA.

  6. Import signed certificates.

    1. In Oracle Wallet Manager, right-click the certificate request that was used to obtain the signed certificate and then select Import User Certificate.

    2. In Import Certificate, click OK to import the certificate from a file.

    3. In Import Certificate, select the Certificate file, and then click Open.

  7. Select Wallet, and then Auto Login to activate auto login.

  8. Save the Wallet to a convenient location; for example, MIDDLEWARE_HOME/ohs/bin/wallet/epmwallet.

  9. Repeat step 2 to step 9 to create another wallet and install certificates.