After installing Oracle Application Server on CentOS, I needed to set up SSL on it. As this is a development environment, we used a self-signed certificate.

CentOS 5.6
Oracle Application Server
ORACLE_HOME = /app/oracle/product/

First, create a directory to store the CSR:

export ORACLE_HOME=/app/oracle/product/
mkdir $ORACLE_HOME/csr
cd $ORACLE_HOME/csr

Generating CSR
Now we will generate the certificate authority certificate and its key with openssl. I used “password” (without the quotes) as the pass phrase. For “Common Name”, specify your domain name.

openssl req -new -x509 -keyout cakey.pem -out cacert.crt -days 365
Generating a 1024 bit RSA private key
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Maharashtra
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:Techienote
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []
Email Address []

The above command creates two files, cacert.crt and cakey.pem, in the ORACLE_HOME/csr folder:

cacert.crt cakey.pem

Now we need to generate the CSR from Oracle Wallet Manager.


It will open Oracle Wallet Manager

Now click on Wallet > New

It will ask you about the default wallet directory; click Yes.

Ignore the error and click Yes once again.

Now it will ask for the wallet password; I entered password.

It will ask whether to generate a CSR; click Yes.

Fill in the CSR information properly. For Common Name, use your domain name.

It will show a message that the CSR has been created.

We need to export the CSR to generate the self-signed certificate. Right-click Certificate:Requested in the left panel and choose Export Certificate Request.

It will ask for the path; save it in the $ORACLE_HOME/csr folder as request.csr.

Also save the wallet in the $ORACLE_HOME/csr folder. To do so, click Wallet > Save As and choose $ORACLE_HOME/csr as the Directory.

You will now have the certificate authority certificate (cacert.crt), the certificate key (cakey.pem), the CSR (request.csr) and the wallet (ewallet.p12) in the $ORACLE_HOME/csr folder:

ewallet.p12  request.csr cacert.crt cakey.pem

Generate Server Certificate

We will now generate the Trusted Certificate and the User Certificate.
Go to the ORACLE_HOME/csr folder and run openssl. When asked for the pass phrase, enter password.
openssl x509 -req -in request.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -days 3650 > server.crt

Signature ok
Getting CA Private Key
Enter pass phrase for cakey.pem:
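
A check worth running before the import, added here as an example and not part of the original post: it confirms that server.crt verifies against cacert.crt and carries the same public key as request.csr. The function names, the throwaway CA and the openssl-generated CSR in make_sample (standing in for the Wallet Manager CSR) are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# pubkey_hash FILE KIND: SHA-256 of the public key in a cert (x509) or CSR (req)
pubkey_hash() {
    openssl "$2" -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# check_issued_cert CA CSR CERT
# returns 0 = OK, 1 = CERT does not verify against CA, 2 = key differs from CSR
check_issued_cert() {
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || return 1
    [ "$(pubkey_hash "$2" req)" = "$(pubkey_hash "$3" x509)" ] || return 2
    return 0
}

# make_sample: constructed test data in a temp dir (prints the dir name).
# Keys are unencrypted and 2048-bit only to keep the sample non-interactive.
make_sample() {
    d=$(mktemp -d) || return 1
    q() { "$@" >/dev/null 2>&1; }   # run a command quietly
    q openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Dev CA" -keyout "$d/cakey.pem" -out "$d/cacert.crt"
    q openssl req -new -nodes -newkey rsa:2048 -subj "/CN=dev.example.test" \
        -keyout "$d/server.key" -out "$d/request.csr"
    q openssl x509 -req -in "$d/request.csr" -CA "$d/cacert.crt" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 -out "$d/server.crt"
    # other.crt: signed by the same CA, but from a different CSR and key
    q openssl req -new -nodes -newkey rsa:2048 -subj "/CN=dev.example.test" \
        -keyout "$d/other.key" -out "$d/other.csr"
    q openssl x509 -req -in "$d/other.csr" -CA "$d/cacert.crt" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 -out "$d/other.crt"
    # stray.crt: self-signed, not issued by the CA at all
    q openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=dev.example.test" -keyout "$d/stray.key" -out "$d/stray.crt"
    echo "$d"
}
```

With the page's own files, the call from $ORACLE_HOME/csr is `check_issued_cert cacert.crt request.csr server.crt`; a non-zero status means the certificate should not be imported into the wallet.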

Now we will import the Trusted Certificate and the User Certificate into the wallet. Open the wallet file.


Click on Wallet > open

It will ask you about the default wallet directory; click Yes.

Open the ORACLE_HOME/csr path in Directory.

Enter password as the password.

If everything goes well, you will see the Wallet opened successfully message.

Now we will import the Trusted Certificate. Click Operations > Import Trusted Certificate...

Choose the Select a file that contains the certificate option and select cacert.crt from the $ORACLE_HOME/csr folder.

You will see the message The trusted certificate has been successfully imported into the wallet.

Now we will import the User Certificate. Click Operations > Import User Certificate...

Choose the Select a file that contains the certificate option and select server.crt from the $ORACLE_HOME/csr folder.

You will see the message Your Certificate has been successfully imported.

We will save the wallet to the ORACLE_HOME/csr folder. Before that, we need to enable the auto login option: click Wallet and check Auto login.

Configuring SSL
Open the ORACLE_HOME/opmn/conf/opmn.xml file and check for the a) wallet-file and b) ssl-enabled tags in HTTP_Server.

Now we need to copy our wallet files to ORACLE_HOME/opmn/conf/ssl.wlt/default:

cd $ORACLE_HOME/opmn/conf/ssl.wlt/default
mv cwallet.sso cwallet.sso.old
mv ewallet.p12 ewallet.p12.old
cd $ORACLE_HOME/csr
cp cwallet.sso ewallet.p12 $ORACLE_HOME/opmn/conf/ssl.wlt/default

Next we will enable SSL in the httpd.conf file. Open ORACLE_HOME/Apache/Apache/conf/httpd.conf and uncomment the SSL definitions and Virtual Host container include:
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
# Include the SSL definitions and Virtual Host container
include "/app/oracle/product/"

In $ORACLE_HOME/Apache/Apache/conf/ssl.conf, check the SSLWallet file entry:

vi $ORACLE_HOME/Apache/Apache/conf/ssl.conf
SSLWallet file:/app/oracle/product/

Now restart HTTP_Server by running:

cd $ORACLE_HOME/opmn/bin
./opmnctl restartproc ias-component=HTTP_Server

Check by opening the EM console at http://ip:ssl_port/em
