Enable SSL Between a Browser and Oracle HTTP Server
Create the following SSL (HTTP Secure Socket Layer) configuration: from users' browsers, HTTPS to Oracle HTTP Server (Web proxy), then HTTP to Oracle WebLogic Server.
Follow instructions in one of the following sections:
- Enable SSL Between a Browser and Oracle HTTP Server Using a Certificate Authority
- Enable SSL Between a Browser and Oracle HTTP Server With Self Signing
This may be useful if you want to set up HTTPS with a demo certificate for internal testing purposes.
Parent topic: Install and Configure the Oracle Application Tier
Enable SSL Between a Browser and Oracle HTTP Server Using a Certificate Authority
An Oracle Wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys.
The Oracle Thesaurus Management System Installer automatically enables traffic from Oracle HTTP Server to Oracle WebLogic Server.
Note:
Do all steps in this section with the same user account you have used in the previous steps in this chapter. You must have administrator privileges on the machine.
Follow these steps in order:
- Create an Oracle Wallet and Generate a Certificate Request
- Obtain Trusted Certificate and User Certificate from Certificate Authority
- Add the User Certificate and Trusted Certificate to an Oracle Wallet
- Edit the Oracle HTTP Server Configuration File
Parent topic: Enable SSL Between a Browser and Oracle HTTP Server
Create an Oracle Wallet and Generate a Certificate Request
To create an Oracle Wallet:
-
Create an Oracle Wallet: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/managing-keystores-wallets-and-certificates.html#GUID-DA49F413-AB8F-46E6-924C-EC4CD8F96AC1
-
Generate a Certificate Request: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asadm/managing-keystores-wallets-and-certificates.html#GUID-70174F92-035D-4829-9DB8-8118964BFA9D
Obtain Trusted Certificate and User Certificate from Certificate Authority
Note:
Certificate signed using MD5 algorithm is no longer supported in Oracle HTTP Server (12.2.1.4). You must get the certificate signed using Secure Hashing Algorithm 2 (SHA-2).
-
Obtain the certificates from the Certificate Authority as described in Get a CA Certificate for HTTPS.
Depending on the Certificate Authority, you will need to send either the certificate request file generated in the previous section or you will need to copy and paste the text in that file.
Add the User Certificate and Trusted Certificate to an Oracle Wallet
Edit the Oracle HTTP Server Configuration File
WebLogic Server installation creates a default, unsigned SSL wallet file for OHS. Its location is specified in the configuration file (ssl.conf) loaded at startup from the oracle_instance\config\OHS\ohs1 directory.
-
Make a backup copy of ssl.conf, which is located where Fusion Middleware is installed in %ORACLE_HOME%:
%ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1 %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\instances\ohs1
-
Open ssl.conf in a text editor.
-
Find the string
#Path to the walletand comment out the default location that follows it.SSLWallet ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default -
Replace the above string (in bold) with the path to the directory you created:
SSLWallet %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1\keystores
-
Stop and start Oracle HTTP Server (OHS) to load the configuration change:
-
To stop OHS:
%ORACLE_HOME%\user_projects\domains\FRDomain\bin\stopComponent ohs1
-
To start OHS:
%ORACLE_HOME%\user_projects\domains\FRDomain\bin\startComponent ohs1
Note:
ohs1 is the name of OHS component provided while configuring FRDomain.
%ORACLE_HOME% is the location of installed FMW.
-
-
Test that you can connect from a browser to your virtual host in HTTPS URL:
https://host.your_company_domain
Enable SSL Between a Browser and Oracle HTTP Server With Self Signing
This may be useful if you want to set up HTTPS with a demo certificate for internal testing purposes.
For more information, see How to create a Self Signed Certificate to enable SSL between the Browser and HTTP Server in Oracle Clinical 5.2 (Document ID 2473240.1) on My Oracle Support.
For more information, see:
Parent topic: Enable SSL Between a Browser and Oracle HTTP Server
Edit the Oracle HTTP Server Configuration File
WebLogic Server installation creates a default, unsigned SSL wallet file for OHS. Its location is specified in the configuration file (ssl.conf) loaded at startup from the oracle_instance\config\OHS\ohs1 directory.
-
Make a backup copy of ssl.conf, which is located where Fusion Middleware is installed in %ORACLE_HOME%:
%ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS \ohs1 %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\instances\ohs1
-
Open ssl.conf in a text editor.
-
Find the string
#Path to the walletand comment out the default location that follows it.SSLWallet ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default -
Replace the above string (in bold) with the path to the directory you created:
SSLWallet %ORACLE_HOME%\user_projects\domains\FRDomain\config\fmwconfig\components\OHS\ohs1\keystores
-
Stop and start Oracle HTTP Server (OHS) to load the configuration change:
-
To stop OHS:
%ORACLE_HOME%\user_projects\domains\FRDomain\bin\stopComponent ohs1
-
To start OHS:
%ORACLE_HOME%\user_projects\domains\FRDomain\bin\startComponent ohs1
Note:
ohs1 is the name of OHS component provided while configuring FRDomain.
%ORACLE_HOME% is the location of installed FMW.
-
-
Test that you can connect from a browser to your virtual host in HTTPS URL:
https://host.your_company_domain