Enable SSL Between a Browser and Oracle HTTP Server

Create the following SSL (HTTP Secure Socket Layer) configuration: from users’ browsers, HTTPS to Oracle HTTP Server (Web proxy), then HTTP to Oracle WebLogic Server.

Follow instructions in one of the following sections:

• Enable SSL Between a Browser and Oracle HTTP Server Using a Certificate Authority
  
• Enable SSL Between a Browser and Oracle HTTP Server With Self Signing
  

Enable SSL Between a Browser and Oracle HTTP Server Using a Certificate Authority

An Oracle Wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys.

The Oracle Clinical Installer automatically enables traffic from Oracle HTTP Server to Oracle WebLogic Server.

Note:

Do all steps in this section with the same user account you have used in the previous steps in this chapter. You must have administrator privileges on the machine.

For more information, see:

• Create an Oracle Wallet and Generate a Certificate Request
  
• Obtain Trusted Certificate and User Certificate from Certificate Authority
  
• Add the User Certificate and Trusted Certificate to an Oracle Wallet
  
• Edit the Oracle HTTP Server Configuration File
  

Create an Oracle Wallet and Generate a Certificate Request

To create an Oracle Wallet:

1. Create an Oracle Wallet: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/managing-keystores-wallets-and-certificates.html#GUID-DA49F413-AB8F-46E6-924C-EC4CD8F96AC1
2. Generate a Certificate Request: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/managing-keystores-wallets-and-certificates.html#GUID-70174F92-035D-4829-9DB8-8118964BFA9D

Obtain Trusted Certificate and User Certificate from Certificate Authority

Note:

Certificate signed using MD5 algorithm is no longer supported in Oracle HTTP Server (12.2.1.4). You must get the certificate signed using Secure Hashing Algorithm 2 (SHA-2).

1. Obtain the certificates from the Certificate Authority as described in Get a CA Certificate for HTTPS.
   Depending on the Certificate Authority, you will need to send either the certificate request file generated in the previous section or you will need to copy and paste the text in that file.

Add the User Certificate and Trusted Certificate to an Oracle Wallet

For information, see https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/managing-keystores-wallets-and-certificates.html#GUID-70174F92-035D-4829-9DB8-8118964BFA9D.

Edit the Oracle HTTP Server Configuration File

WebLogic Server installation creates a default, unsigned SSL wallet file for OHS. Its location is specified in the configuration file (ssl.conf) loaded at startup from the %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1 directory.

1. Make a backup copy of ssl.conf, which is located where Fusion Middleware is installed in %ORACLE_HOME%:

   %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1
   
   %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\instances\ohs1
   

2. Open ssl.conf in a text editor.
3. Find the string #Path to the wallet and comment out the default location that follows it.

   SSLWallet ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default
   

4. Replace the above string (in bold) with the path to the directory you created:

   SSLWallet %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1\keystores
   

5. Stop and start Oracle HTTP Server (OHS) to load the configuration change:
   1. To stop OHS:

      Doc bug 28913244: Changed user\projects to user_projects

      %ORACLE_HOME%\user_projects\domains\FRDomain\bin\stopComponent ohs1

   2. To start OHS:

      %ORACLE_HOME%\user_projects\domains\FRDomain\bin\startComponent ohs1

   Note:

   ohs1 is the name of OHS component provided while configuring FRDomain.

   %ORACLE_HOME% is the location of installed FMW.

6. Test that you can connect from a browser to your virtual host in HTTPS URL:

   https://host.your_company_domain

Enable SSL Between a Browser and Oracle HTTP Server With Self Signing

For more information, see How to create a Self Signed Certificate to enable SSL between the Browser and HTTP Server in Oracle Clinical 5.2 (Document ID 2473240.1) on My Oracle Support.

Doc bug 28917294: Updated the above reference doc ID.

For more information, see:

• Edit the Oracle HTTP Server Configuration File
  

Edit the Oracle HTTP Server Configuration File

WebLogic Server installation creates a default, unsigned SSL wallet file for OHS. Its location is specified in the configuration file (ssl.conf) loaded at startup from the %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1 directory.

1. Make a backup copy of ssl.conf, which is located where Fusion Middleware is installed in %ORACLE_HOME%:

   %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS \ohs1
   
   %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\instances\ohs1
   

2. Open ssl.conf in a text editor.
3. Find the string #Path to the wallet and comment out the default location that follows it.

   SSLWallet ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default
   

4. Replace the above string (in bold) with the path to the directory you created:

   SSLWallet %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1\keystores\default
   

5. Start Oracle HTTP Server (OHS) to load the configuration change:

   Note:

   Before starting ohs1, start the FRDomain Node Manger. Else, ohs1 will not start.

   %ORACLE_HOME%\user_projects\domains\FRDomain\bin\startComponent ohs1

   ohs1 is the name of OHS component provided while configuring FRDomain.

   %ORACLE_HOME% is the location of installed FMW.

6. Test that you can connect from a browser to your virtual host in HTTPS URL:
   https://host.your_company_domain