After installing Oracle Application Server on CentOS, I need to set up SSL on it. As it is a development environment, we have tried to use a self-signed certificate for this.
Environment:
CentOS 5.6
Oracle Application Server 10.1.3.1
ORACLE_HOME = /app/oracle/product/10.1.3.1/OracleAS_1/
First we will create a directory to store the CSR
export ORACLE_HOME=/app/oracle/product/10.1.3.1/OracleAS_1/
mkdir $ORACLE_HOME/csr
cd $ORACLE_HOME/csr
Generating CSR
Now we will generate the certificate authority (CA) certificate and its key with openssl. I have used “password” (without the quotes) as the pass phrase. For “Common Name”, specify your domain name.
openssl req -new -x509 -keyout cakey.pem -out cacert.crt -days 365
Generating a 1024 bit RSA private key
..................++++++
................++++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Maharashtra
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:Techienote
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ubuntu.home.network
Email Address []:vidyadhards@gmail.com
The above command creates two files, cacert.crt and cakey.pem, in the $ORACLE_HOME/csr folder
cd $ORACLE_HOME/csr
ls
cacert.crt cakey.pem
Now we need to generate CSR from Oracle Wallet Manager
cd $ORACLE_HOME/bin
./owm
It will open Oracle Wallet Manager


It will ask you for the default wallet directory; click Yes.

Ignore the error and once again click Yes.

Now it will ask for the wallet password; I have entered password.

It will ask about CSR generation; click Yes.

In the CSR, fill in the information properly. Choose your domain name as the Common Name.

It will show a message that the CSR has been created.

We need to export the CSR to generate the self-signed certificate. Right-click Certificate:Requested in the left panel and choose Export Certificate Request.

It will ask for the path; save it in the $ORACLE_HOME/csr folder as request.csr.

Also save the wallet in the $ORACLE_HOME/csr folder. To do so, click Wallet > Save As and choose $ORACLE_HOME/csr as the Directory.

Now you will have the certificate authority (cacert.crt), certificate key (cakey.pem), CSR (request.csr) and wallet (ewallet.p12) in the $ORACLE_HOME/csr folder
cd $ORACLE_HOME/csr
ls
ewallet.p12 request.csr cacert.crt cakey.pem
Generate Server Certificate
We will generate Trusted Certificate and User Certificate
Go to the $ORACLE_HOME/csr folder and run openssl. When asked for the pass phrase, enter password
cd $ORACLE_HOME/csr
openssl x509 -req -in request.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -days 3650 > server.crt
Signature ok
subject=/C=IN/ST=Maharashtra/L=Mumbai/O=Techienote/OU=IT/CN=ubuntu.home.network
Getting CA Private Key
Enter pass phrase for cakey.pem:
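Before importing server.crt into the wallet, it is worth confirming that the signing step produced what was intended. The following is an added example, not part of the original post: it checks that a certificate carries the public key from the CSR, that it verifies against the CA certificate, and reports its key size. The function names, the throwaway 2048-bit keys and the subject names are constructed for illustration; on the real files, call the three check functions with the paths in $ORACLE_HOME/csr.

```shell
#!/bin/sh
# Added example: post-signing checks. All keys and names here are constructed.

# Returns 0 if the certificate ($1) carries the same public key as the CSR ($2).
cert_matches_csr() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$cert_pub" = "$csr_pub" ]
}

# Returns 0 if the certificate ($2) verifies against the CA certificate ($1).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the public key size, in bits, of the certificate ($1).
# The pattern accepts both the old "RSA Public Key:" and newer "Public-Key:" labels.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Builds a throwaway CA, CSR and signed certificate in directory $1, using the
# same file names and the same signing command as the steps above.
make_constructed_set() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=host.example.test" \
        -keyout "$1/server.key" -out "$1/request.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/request.csr" -CA "$1/cacert.crt" \
        -CAkey "$1/cakey.pem" -CAcreateserial -days 365 \
        > "$1/server.crt" 2>/dev/null
}

workdir=$(mktemp -d)
make_constructed_set "$workdir"
cert_matches_csr "$workdir/server.crt" "$workdir/request.csr" &&
    echo "server.crt carries the key from request.csr"
cert_chains_to_ca "$workdir/cacert.crt" "$workdir/server.crt" &&
    echo "server.crt verifies against cacert.crt"
echo "key size: $(cert_key_bits "$workdir/server.crt") bits"
rm -rf "$workdir"
```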
Now we will import the Trusted Certificate and the User Certificate into the wallet. Open the wallet file
cd $ORACLE_HOME/bin
./owm
It will ask you for the default wallet directory; click Yes.

Open the $ORACLE_HOME/csr path in Directory

If everything goes well you will see Wallet opened successfully message.

Now we will import Trusted Certificate. Click on Operations > Import Trusted Certificate..

Click Select a file that contains the certificate option and select cacert.crt from $ORACLE_HOME/csr folder


You will see The trusted certificate has been successfully imported into the wallet message.

Now we will import User Certificate. Click on Operations > Import User Certificate..

Click Select a file that contains the certificate option and select server.crt from $ORACLE_HOME/csr folder



You will see Your Certificate has been successfully imported message.

We will save the wallet to the $ORACLE_HOME/csr folder. Before that, we need to enable the auto login option. Click on Wallet and check Auto login



Configuring SSL
Open the $ORACLE_HOME/opmn/conf/opmn.xml file and check for a) the wallet-file and b) the ssl-enabled tag in HTTP_Server

Now we need to copy our files to $ORACLE_HOME/opmn/conf/ssl.wlt/default
cd $ORACLE_HOME/opmn/conf/ssl.wlt/default
mv cwallet.sso cwallet.sso.old
mv ewallet.p12 ewallet.p12.old
cd $ORACLE_HOME/csr
cp cwallet.sso ewallet.p12 $ORACLE_HOME/opmn/conf/ssl.wlt/default
We will enable SSL in the httpd.conf file. Open $ORACLE_HOME/Apache/Apache/conf/httpd.conf and uncomment the SSL definitions and Virtual Host container
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
# Include the SSL definitions and Virtual Host container
include "/app/oracle/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/ssl.conf"
And in $ORACLE_HOME/Apache/Apache/conf/ssl.conf check for SSLWallet file
vi $ORACLE_HOME/Apache/Apache/conf/ssl.conf
SSLWallet file:/app/oracle/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/ssl.wlt/default
Now just refresh the HTTP_Server by running
cd $ORACLE_HOME/opmn/bin
./opmnctl restartproc ias-component=HTTP_Server
Check by opening EM console, http://ip:ssl_port/em