Thursday 30 July 2015

Enabling SSL in Oracle EBS 12.0.6

The steps outlined below will help you add SSL encryption to your Oracle EBS application.
They use a self-signed certificate; if you would like to create a local certificate authority (CA) for signing such certificates, please view the tutorial here...


 Basic Steps
  •     Create Wallet with Self-Signed certificate
  •     Copy Wallet with Self-Signed certificate to OPMN certificate directory
  •     Modify Xml attributes
  •     Run AutoConfig
  •     Configure database (Copy Wallet)
  •     Restart Server
  •     End

Middle Tier Setup

Step 1)  Generate Wallet and Self-Signed Certificate

 
Source your environment 
 
  •  Log on to the application (middle) tier, as the OS user who owns the application tier files.
  •  Source your /.env file to set your APPL_TOP variables.
  •  Navigate to $INST_TOP/ora/10.1.3 and source the .env file to set your 10.1.3 ORACLE_HOME variables. When working with wallets and certificates, you must use the 10.1.3 executables.

Create a Wallet
 
  • Verify the location of the Web SSL directory: grep s_web_ssl_directory $CONTEXT_FILE
  • Navigate to this directory, which will have Apache and opmn subdirectories
  • Change to the Apache subdirectory
  • Backup any existing wallets (demo certificates are included in Release 12)

Create your new wallet:

orapki wallet create -wallet . -auto_login -pwd <wallet_password>

"-wallet ." (note the ".") tells orapki that you want to create the wallet in the current directory. You can also specify the full path to any directory where you wish to create a wallet.

"-auto_login" tells orapki that you want to create cwallet.sso, which is an obfuscated copy of ewallet.p12. With auto login enabled, processes submitted by the OS user who created the wallet will not need to supply the password to access the wallet.


You should now see two wallet files in your directory: cwallet.sso and ewallet.p12.

Add your self-signed certificate to the wallet.

Enter the following command all on one line, substituting the appropriate parameters for your instance:

orapki wallet add -wallet . -dn "CN=EBSSERVER.COM,OU=IT,O=COMPANY_NAME,L=CITY,ST=STATE,C=US" -keysize 1024 -self_signed -validity 9650 -pwd *********

When viewed in the wallet manager, the certificate must be in the [Ready] state.

Check the permissions on the certificate files to make sure that everyone who needs them (the oracle install user) has access.


Step 2) Modify the OPMN wallet

The E-Business Suite Rapid Install process creates a default "demo" opmn wallet in the $INST_TOP/certs/opmn directory that can be used in test instances for basic SSL testing. Now that the Apache wallet has been created, you will need to use these same certificates for opmn. Use the following steps to back up and copy the wallets:

  • Navigate to the $INST_TOP/certs/opmn directory.
  • Create a new directory named BAK
  • Move the ewallet.p12 and cwallet.sso files to the BAK directory just created.
  • Copy the ewallet.p12 and cwallet.sso files from the $INST_TOP/certs/Apache directory to the $INST_TOP/certs/opmn directory.
  • Do the same for the Apache directory


Step 3) Appstier Setup
 
Edit the context XML file in $APPL_TOP/admin and change the SSL-related variables to their SSL values.

SSL Related Variables in the Context File

| Variable | Non-SSL Value | SSL Value |
|---|---|---|
| s_url_protocol | http | https |
| s_local_url_protocol | http | https |
| s_webentryurlprotocol | http | https |
| s_active_webport | same as s_webport | same as s_webssl_port |
| s_webssl_port | not applicable | default is 4443 |
| s_https_listen_parameter | not applicable | same as s_webssl_port |
| s_help_web_agent | url constructed with http protocol and s_webport for both non-SSL and SSL | same as non-SSL value |
| s_login_page | url constructed with http protocol and s_webport | url constructed with https protocol and s_webssl_port |
| s_external_url | url constructed with http protocol and s_webport | url constructed with https protocol and s_webssl_port |


Execute autoconfig

Bounce the mid-tier services

Step 4) DB Tier Setup

Once you have run autoconfig on the Apps Tier, you need to do the wallet setup on the DB tier as well. Since R12 is autoconfig enabled, there will be a directory called appsutil in ORACLE_HOME on the database side. Follow the steps below to carry out the setup on the database side.
  • Login to DB tier as oracle user
  • Change dir to $ORACLE_HOME/appsutil
  • Create a new dir with name “wallet”
  • Copy wallet and certificate files from steps above to this directory

If Not Working
  • Recheck XML parameters
  • Verify permissions on wallet files
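
The two checks above can be run as a shell script; this is an added example, not part of the original post. It assumes context-file entries of the form <tag oa_var="NAME" ...>value</tag>. The script name check_ebs_ssl.sh, the function names and the rule that wallet files grant nothing to "other" (cwallet.sso opens without a password, so file permissions are what protect the key) are this example's own choices.

```shell
# Added example, not from the original post; the oa_var entry format is assumed.

# ctx_value FILE VAR: print the value of the element carrying oa_var="VAR".
ctx_value() {
    sed -n "s/.*oa_var=\"$2\"[^>]*>\([^<]*\)<.*/\1/p" "$1" | head -n 1
}

# check_context FILE: returns 0 when the three protocol variables are https
# and s_active_webport equals s_webssl_port; prints one line per problem.
check_context() {
    rc=0
    for v in s_url_protocol s_local_url_protocol s_webentryurlprotocol; do
        val=$(ctx_value "$1" "$v")
        [ "$val" = "https" ] || { echo "CONTEXT $v='$val', expected https"; rc=1; }
    done
    ssl_port=$(ctx_value "$1" s_webssl_port)
    active=$(ctx_value "$1" s_active_webport)
    [ -n "$ssl_port" ] && [ "$active" = "$ssl_port" ] ||
        { echo "CONTEXT s_active_webport='$active', s_webssl_port='$ssl_port'"; rc=1; }
    return $rc
}

# check_wallet_dir DIR: returns 0 when both wallet files exist, are readable by
# the current user and grant nothing to "other" (this example's policy).
check_wallet_dir() {
    rc=0
    for f in ewallet.p12 cwallet.sso; do
        p="$1/$f"
        if [ ! -f "$p" ]; then echo "WALLET $p missing"; rc=1; continue; fi
        [ -r "$p" ] || { echo "WALLET $p not readable by $(id -un)"; rc=1; }
        [ "$(ls -ld "$p" | cut -c8-10)" = "---" ] ||
            { echo "WALLET $p grants access to 'other'"; rc=1; }
    done
    return $rc
}

# wallets_match A B: returns 0 when B holds byte-identical copies of A's files.
wallets_match() {
    for f in ewallet.p12 cwallet.sso; do
        cmp -s "$1/$f" "$2/$f" || { echo "WALLET $f differs"; return 1; }
    done
}

# Usage: sh check_ebs_ssl.sh "$CONTEXT_FILE" APACHE_WALLET_DIR OPMN_WALLET_DIR
if [ "$#" -eq 3 ]; then
    s=0; check_context "$1" || s=1; check_wallet_dir "$2" || s=1
    check_wallet_dir "$3" || s=1; wallets_match "$2" "$3" || s=1
    exit $s
fi
```

Run it as the OS user that owns the application tier files, so that the readability check reflects the account that actually opens the wallets.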

