Install and Configure Oracle HTTP Server for Oracle Access Management 12c
Introduction
This tutorial shows you how to install and configure Oracle HTTP Server and WebGate 12c for use with Oracle Access Management 12c.
This is the eighth tutorial in the series Getting Started with Oracle Access Management 12c. Read them sequentially.
- Getting Started with Oracle Access Management 12c Series - Overview
- Install Oracle Database for Oracle Access Management 12c
- Create an Oracle Database for Oracle Access Management 12c
- Install Oracle Access Management 12c
- Configure Oracle Access Management 12c
- Configure SSL for Oracle Access Management 12c
- Configure Oracle Unified Directory for Oracle Access Management 12c
- Install and Configure Oracle HTTP Server for Oracle Access Management 12c
- Create and Configure a WebGate
- Protect an Application Deployed in WebLogic Server with Oracle Access Management 12c
Objective
Most organizations use Oracle HTTP Server as a front end to access web applications. Oracle WebGate is used to protect web applications with Oracle Access Management.
Prerequisites
You must have completed the Configure Oracle Unified Directory for Oracle Access Management 12c tutorial.
Download the Oracle HTTP Server 12c Software
In this section, you download Oracle HTTP Server (OHS) 12c software. In this release Oracle WebGate software is included in the Oracle HTTP Server installation.
- Launch a browser and navigate to Oracle Web Tier Downloads.
- Under Oracle HTTP Server 12.2.1.4, select Linux 64-bit. Accept the license agreement and download the Oracle HTTP Server 12.2.1.4.0 software, fmw_12.2.1.4.0_ohs_linux64_Disk1_1of1.zip.
- After the download is complete, move the zip file to a staging directory, e.g. /stage/OHS12c, and unzip it.
Install Oracle HTTP Server 12c
- Launch a terminal window as oracle and enter the following commands to install OHS:

      cd /stage/OHS12c
      ./fmw_12.2.1.4.0_ohs_linux64.bin

- Follow the table below to guide you through the installation screens:

  | Step | Window Description | Choice or Values |
  |------|--------------------|------------------|
  | 1 | Welcome | Click Next |
  | 2 | Auto Updates | Skip Auto Updates |
  | 3 | Installation Location | Oracle Home: /u01/app/oracle/product/middleware/ |
  | 4 | Installation Type | Collocated HTTP Server (Managed through WebLogic Server) |
  | 5 | JDK Selection | JDK Home: /u01/app/oracle/product/jdk |
  | 6 | Prerequisite Checks | Click Next |
  | 7 | Installation Summary | Click Install |
  | 8 | Installation Progress | Click Next |
  | 9 | Installation Complete | Click Finish |

  Note: The Saving the inventory section of the installer may take a long time to complete.
Configure HTTP Server
- Launch a terminal window as oracle and enter the following commands to stop the WebLogic Admin Server:

      cd /u01/app/oracle/admin/domains/oam_domain/bin
      ./stopWebLogic.sh

- Run the following command to launch the Configuration Wizard:

      cd /u01/app/oracle/product/middleware/oracle_common/common/bin
      ./config.sh

- Follow the table below to guide you through the configuration screens:

  | Step | Window Description | Choice or Values |
  |------|--------------------|------------------|
  | 1 | Create Domain | Select Update an existing domain. Domain Location: /u01/app/oracle/admin/domains/oam_domain |
  | 2 | Templates | Oracle HTTP Server (Collocated) |
  | 3 | Database Configuration Type | Get RCU Configuration |
  | 4 | Component Datasources | Click Next |
  | 5 | JDBC Component Schema Test | Click Next |
  | 6 | Advanced Configuration | Click System Components. System Component: ohs1 |
  | 7 | System Components | Click Add |
  | 8 | OHS Server | Server Name: http://oam.example.com:7777 |
  | 9 | Machine | Click Next |
  | 10 | Assign System Components to Machines | Select ohs1 and oam_machine and click the arrow to move ohs1 under oam_machine |
  | 11 | Configuration Summary | Click Update |
  | 12 | Configuration Progress | Click Next |
  | 13 | End of Configuration | Click Finish |
Start the Servers
- Launch a terminal window as oracle and run the following commands to start the WebLogic AdminServer:

      cd /u01/app/oracle/admin/domains/oam_domain/bin
      ./startWebLogic.sh

- In another terminal window run the following command:

      cp -R /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1 /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/instances

- In another terminal window run the following commands to stop and start Node Manager:

      cd /u01/app/oracle/admin/domains/oam_domain/bin
      ./stopNodeManager.sh
      ./startNodeManager.sh

- In another terminal window run the following commands to start Oracle HTTP Server. Enter the password when prompted:

      cd /u01/app/oracle/admin/domains/oam_domain/bin
      ./startComponent.sh ohs1

  You should see the following if OHS started successfully:

      Successfully Connected to Node Manager.
      Starting server ohs1 ...
      Successfully started server ohs1 ...
      Successfully disconnected from Node Manager.
      Exiting WebLogic Scripting Tool.
      Done

- Launch a browser and check the OHS is accessible by accessing the URL http://oam.example.com:7777.
Configure SSL for OHS
In this section you configure SSL for OHS.
Configure Node Manager for SSL
In this section we update Node Manager to use the oam_keystore.jks.
- Edit the /u01/app/oracle/admin/domains/oam_domain/nodemanager/nodemanager.properties, add the following lines and save the file:

      KeyStores=CustomIdentityandCustomTrust
      CustomIdentityKeyStoreFileName=/u01/app/oracle/admin/domains/oam_domain/keystore/oam_keystore.jks
      CustomIdentityAlias=server_cert
      CustomIdentityPrivateKeyPassPhrase=<password>
      CustomTrustKeyStoreFileName=/u01/app/oracle/admin/domains/oam_domain/keystore/oam_keystore.jks

- Restart Node Manager:

      cd /u01/app/oracle/admin/domains/oam_domain/bin
      ./stopNodeManager.sh
      ./startNodeManager.sh
Create a Stripe
- Launch a browser and access Oracle Fusion Middleware Control: https://oam.example.com:7002/em. Login as weblogic/<password>.
- Navigate to WebLogic Domain > Security > Keystore. Click on Create Stripe.
- Enter a Stripe Name called OHS and click OK.
Create a Keystore for OHS
- From the navigation menu (top left), select HTTP Server > ohs1.
- From the drop down menu select Oracle HTTP Server > Security > Keystore.
- Click on Create Keystore, enter Keystore Name as ohs1_keystore and click OK.
- Select the new keystore and click Manage.
- Click on Generate Keypair and CSR. Enter the fields as follows and click OK:
  - Alias: ohs_cert
  - Common name: oam.example.com
  - Country: US

  The rest of the fields can be left as is.
- In the Generate CSR window that appears, click Export CSR and export to a file name ohs_cert.csr. Click Close.
- The CSR should be sent to a Certificate Authority (CA) of your choice in order to generate a certificate. The CA should send back the server certificate and root CA certificate(s) that signed the certificate. For the purposes of this tutorial the certificates returned are saved as ohs_cert.crt and ca.crt for the server certificate and CA certificate respectively.

  Note: If you do not have a CA and you generated your own CA in the previous tutorial, you can generate the certificate as follows:

      cd /stage/ssl
      openssl x509 -req -days 36500 -in ohs_cert.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out ohs_cert.crt

  The output will look similar to the following:

      Signature ok
      subject=/C=US/CN=oam.example.com
      Getting CA Private Key
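Before importing ohs_cert.crt it is worth confirming that it chains to ca.crt, carries the public key from the CSR exported from ohs1_keystore, and names the right host. The script below is an added example, not part of the original tutorial; the function names check_cert, has_san and demo, and the throwaway CA, keys and demo.cnf created in demo, are constructed for illustration.

```bash
# Added example: checks to run on ohs_cert.crt before importing it.

# check_cert CSR CERT CA EXPECTED_CN -> prints "ok" or the name of the failed check.
check_cert() {
  local csr=$1 crt=$2 ca=$3 want_cn=$4 cn
  # 1. The certificate must chain to the CA certificate that will be imported.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "chain"; return 1; }
  # 2. It must carry the public key from the CSR (the keystore's key pair).
  [ "$(openssl req -in "$csr" -noout -pubkey)" = \
    "$(openssl x509 -in "$crt" -noout -pubkey)" ] || { echo "key-mismatch"; return 1; }
  # 3. The subject common name must be the host name OHS serves.
  cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline |
       awk -F' = ' '/commonName/ {print $2}')
  [ "$cn" = "$want_cn" ] || { echo "subject"; return 1; }
  # 4. It must not already be past its notAfter date.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
  echo "ok"
}

# has_san CERT -> succeeds only if the certificate has a subjectAltName extension.
has_san() {
  openssl x509 -in "$1" -noout -text | grep -q "Subject Alternative Name"
}

# Constructed demo: throwaway CA and CSR in a temp dir, signed with the tutorial's command.
demo() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' 'prompt=no' \
      '[dn]' 'CN=Demo Root CA' '[ca]' 'basicConstraints=critical,CA:TRUE' > demo.cnf
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -days 30 \
      -keyout ca.key -out ca.crt 2>/dev/null
    openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
      -subj "/C=US/CN=oam.example.com" -keyout ohs.key -out ohs_cert.csr 2>/dev/null
    # The signing command from the tutorial's note:
    openssl x509 -req -days 36500 -in ohs_cert.csr -CA ca.crt -CAkey ca.key \
      -set_serial 02 -out ohs_cert.crt 2>/dev/null
    result=$(check_cert ohs_cert.csr ohs_cert.crt ca.crt oam.example.com) \
      || { echo "$result"; exit 1; }
    if has_san ohs_cert.crt; then echo "$result san=yes"; else echo "$result san=no"; fi
  )
  rc=$?; rm -rf "$d"; return $rc
}
```

With the tutorial's files, run check_cert ohs_cert.csr ohs_cert.crt ca.crt oam.example.com from /stage/ssl. A certificate produced by the openssl x509 -req command as shown has no subjectAltName extension, which current browsers require for host name matching, so has_san fails for it.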
Import the Certificates
- From the navigation menu (top left), select HTTP Server > ohs1.
- From the drop down menu select Oracle HTTP Server > Security > Keystore and click Manage.
- Click on Import.
- In the Certificate Type, select Trusted Certificate. Enter the alias as ca_cert and either paste the contents of the root CA certificate ca.crt or select the ca.crt file and click OK.

  Note: If your CA has more than one CA certificate in the chain, then you must repeat the above for each certificate using a different alias each time.
- Click on Import again, and import the ohs_cert.crt. From the alias drop down menu select ohs_cert and either paste the contents of the ohs_cert.crt or select the file and click OK.
Import the Trusted Certificate to WebLogic Domain
- From the navigation menu (top left), select WebLogic Domain > oam_domain.
- From the WebLogic Domain drop down menu select Security > Keystore.
- Expand system and select trust. Click Manage.
- In the Manage Certificates: system/trust, click Import.
- In the Certificate Type, select Trusted Certificate. Enter the alias as ca_cert and either paste the contents of the root CA certificate ca.crt or select the ca.crt file and click OK.

  Note: If your CA has more than one CA certificate in the chain, then you must repeat the above for each certificate using a different alias each time.
Export the Keystore to a Wallet
- From the navigation menu (top left), select HTTP Server > ohs1.
- From the drop down menu select Oracle HTTP Server > Security > Keystore.
- Click the padlock (top right hand corner) and select Lock and Edit.
- Select the ohs1_keystore and click Export Keystore to Wallet.

  Note: This does not download a file, but creates the cwallet.sso directly on the file system where OHS resides.
- Click the padlock (top right hand corner) and select Activate Changes.
Enable SSL for OHS
- Click the padlock (top right hand corner) and select Lock and Edit.
- Navigate to Oracle HTTP Server > Administration > Virtual Hosts.
- Select :4443 and click Configure > SSL Configuration.
- In the Server Wallet Name, from the drop down menu select the path to the ohs1_keystore. Click OK.
- Click the padlock (top right hand corner) and select Activate Changes.
- Click Restart to restart OHS.
- Launch a browser and check the OHS is accessible via HTTPS by accessing the URL https://oam.example.com:4443.
Next Tutorial
Create and Configure a WebGate.
Feedback
To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com.
Acknowledgements
- Author - Russ Hodgson
Install and Configure Oracle HTTP Server for Oracle Access Management 12c
E89983-02
June 2022
Copyright © 2022, Oracle and/or its affiliates.