Copying Generated Artifacts to the Oracle HTTP Server WebGate Instance Location

After the RREG Tool generates the required artifacts, manually copy the artifacts from the RREG_Home/output/agent_ID directory to the Oracle HTTP Server configuration directory on the Web tier host.

The location of the files in the Oracle HTTP Server configuration directory depends upon the Oracle Access Manager security mode setting (OPEN, SIMPLE, or CERT).

The following table lists the required location of each generated artifact in the Oracle HTTP Server configuration directory, based on the security mode setting for Oracle Access Manager. In some cases, you might have to create the directories if they do not exist already. For example, the wallet directory might not exist in the configuration directory.


For an enterprise deployment, Oracle recommends simple mode, unless additional requirements exist to implement custom security certificates for the encryption of authentication and authorization traffic. The information about using open or certification mode is provided here as a convenience.

Avoid using open mode, because in open mode, traffic to and from the Oracle Access Manager server is not encrypted.

For more information using certificate mode or about Oracle Access Manager supported security modes in general, see Securing Communication Between OAM Servers and WebGates in Administrator's Guide for Oracle Access Management.

File Location When Using OPEN Mode Location When Using SIMPLE Mode Location When Using CERT Mode
wallet/cwallet.sso OHS_CONFIG_DIR/webgate/config/wallet OHS_CONFIG_DIR/webgate/config/wallet/


By default the wallet folder is not available. Create the wallet folder under OHS_CONFIG_DIR/webgate/config/.
ObAccessClient.xml OHS_CONFIG_DIR/webgate/config OHS_CONFIG_DIR/webgate/config/ OHS_CONFIG_DIR/webgate/config/
password.xml N/A OHS_CONFIG_DIR/webgate/config/ OHS_CONFIG_DIR/webgate/config/
aaa_key.pem N/A OHS_CONFIG_DIR/webgate/config/simple/ OHS_CONFIG_DIR/webgate/config/
aaa_cert.pem N/A OHS_CONFIG_DIR/webgate/config/simple/ OHS_CONFIG_DIR/webgate/config/
aaa_chain.pem N/A N/A OHS_CONFIG_DIR/webgate/config/


If you need to redeploy the ObAccessClient.xml to WEBHOST1 and WEBHOST2, delete the cached copy of ObAccessClient.xml and its lock file, ObAccessClient.xml.lck from the servers. The cache location on WEBHOST1 is:

And you must perform the similar step for the second Oracle HTTP Server instance on WEBHOST2:



aaa_chain.pem is generated when certificates are created for CERT mode.