Contents

Title and Copyright Information

Send Us Your Comments

Preface

• Documentation Accessibility
• Related Documents
• Customer Support
• Review Patch Documentation
• Improved Process for Oracle Retail Documentation Corrections
• Oracle Retail Documentation on the Oracle Technology Network
• Conventions

1 Overview

• Physical Deployment Model
• Dependent Applications
• Security Features Overview
  • Securing the Application
    • Default Accounts and Passwords
    • Passwords
    • Address Translation
    • Application Time Out
  • Securing the Application Environment and Configuration
    • Database
• Using Self-Signed Certificates

2 Secure Configuration

• Operating System Considerations
  • Oracle Linux-Based Systems
  • Oracle Solaris-Based Systems
  • IBM AIX-Based Systems
  • Additional Resources
• Infrastructure and Middleware Considerations
  • Database
  • Application Server
• Application Configuration Considerations
  • Integration with Other Applications
  • Scripts and Command Line Utilities

3 Securing the WebLogic Server

• Install Patch Set Updates
• Setting Up a Secure WebLogic Domain
  • Administrative User Account
  • Operating System User Account
  • Listen Port Configuration
• Setting Up Keystores
  • Setting Up Keystores and Trust Stores
  • Associating the Keystore and Trust Store with WebLogic Server
• Configuring WebLogic Scripts in Order to Secure the Administration Server
• Adding a Certificate to the JDK Keystore for the Installer
• Enforcing Stronger Encryption in WebLogic
  • SSL Protocol Version Configuration
  • Upgrading JDK to Use Java Cryptography Extension
  • Enabling Cipher in WebLogic SSL Configuration
• Securing Nodemanager with SSL Certificates

4 Securing the Database

• Install Patch Set Updates
• Application Schema Owners
• Database Security Considerations
• Special Security Options for Oracle Databases
• Configuring SSL Connections for Database Communications
  • Configuring SSL on the Database Server
  • Configuring SSL on an Oracle Database Client
  • Configuring SSL on a Java Database Connectivity (JDBC) Thin Client
  • Configuring Oracle Wallet for Batch Script Execution

5 Troubleshooting

• Java Version 7 SSL Handshake Issue While Using Self-Signed Certificates
  • Importing the Root Certificate in Local Client JRE
  • Importing the Root Certificate to the Browser
    • Importing the Root Certificate through Internet Explorer
    • Importing the Root Certificate Through Mozilla Firefox
• Disabling Hostname Verification
• Verifying the Certificate Content
• Verifying Keystore Content
• HTTPS Service Encountering a Redirect Loop After Applying Policy A

A Appendix: Secure Services and Protocols

• Securing the Network
  • Resources
• Physical Security
• Audit and Monitoring
• Equipment Storage and Disposal