Saturday, August 28, 2010

Configuring HTTP Server to use SSL in Oracle Application Server

If you already have a certificate in your wallet, follow these steps to configure the HTTP Server to use SSL in SOA Suite.

Select Wallet -> AutoLogin so that it is checked.

It will create a file cwallet.sso in the location where your wallet is saved.

By default, all SSL-related settings are stored in the following file:

SOA_HOME/Apache/Apache/conf/ssl.conf

If you open this file you will find an entry like this:

Listen 4444

<VirtualHost _default_:4444>

# General setup for the virtual host
DocumentRoot "C:\product\10.1.3.1\OracleAS_1\Apache\Apache\htdocs"
ServerName ARAHI-PC2.in.oracle.com
ServerAdmin you@your.address
ErrorLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
TransferLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200"
Port 4444


For SSL to work, the SSL 'Listen' port must be the same as the port in the "VirtualHost _default_" entry within the file.

When we install SOA Suite, it sets an SSL port by default, which in our case is 4444.

As you can see, Listen and VirtualHost _default_ are set to the same value, 4444.

So even now, if we open the BPEL console through https://host:port/BPELConsole

we will get a certificate exception, and if we view the certificate it will be the default certificate generated by SOA Suite during installation.

But our purpose here is to use our own certificate for SSL authentication.


You can also see the server wallet setting:

# Server Wallet:
# The server wallet contains the server's certificate, private key
# and trusted certificates. Set SSLWallet at the wallet directory
# using the syntax: file:
SSLWallet file:C:\product\10.1.3.1\OracleAS_1\Apache\Apache\conf\ssl.wlt\default

If you go to this location you will find a file named ewallet.p12.

This is the default wallet generated by SOA Suite.

We will replace this wallet with the wallet that we created in our previous exercise.

So the only change I will make is:

SSLWallet file:D:/OCA/Wallet.

This is the location where I have stored my wallet.

I will use the same port, 4444, for SSL authentication.
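
An offline check to run before restarting, as an added example (not part of the original post and not an Oracle tool): it verifies the two things this section relies on, that the Listen port matches the VirtualHost _default_ port and that the SSLWallet directory holds the auto-login file cwallet.sso. The function names and the sample configuration are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample modelled on the ssl.conf excerpt above (not a full file).
SAMPLE_CONF = """\
Listen 4444
<VirtualHost _default_:4444>
Port 4444
SSLWallet file:{wallet}
</VirtualHost>
"""

def check_ssl_conf(text):
    """Return a list of problems found in an ssl.conf body (empty = OK)."""
    problems = []
    listen = set(re.findall(r"^\s*Listen\s+(?:\S+:)?(\d+)\s*$", text, re.M | re.I))
    vhosts = set(re.findall(r"^\s*<VirtualHost\s+_default_:(\d+)\s*>", text, re.M | re.I))
    if not listen or not vhosts:
        problems.append("missing Listen or <VirtualHost _default_:port>")
    elif listen != vhosts:
        problems.append("Listen %s != VirtualHost %s" % (sorted(listen), sorted(vhosts)))
    # Commented-out lines start with '#', so anchoring on ^\s*SSLWallet skips them.
    wallets = re.findall(r"^\s*SSLWallet\s+file:(.+?)\s*$", text, re.M | re.I)
    if not wallets:
        problems.append("no SSLWallet directive")
    for path in wallets:
        if not os.path.isfile(os.path.join(path, "cwallet.sso")):
            problems.append("no cwallet.sso (auto-login wallet) in %s" % path)
    return problems

def demo():
    """Run the check against a temporary wallet directory, before and after
    the auto-login file exists, and with a mismatched Listen port."""
    with tempfile.TemporaryDirectory() as wallet:
        conf = SAMPLE_CONF.format(wallet=wallet)
        before = check_ssl_conf(conf)
        open(os.path.join(wallet, "cwallet.sso"), "wb").close()  # stand-in file
        after = check_ssl_conf(conf)
        mismatch = check_ssl_conf(conf.replace("Listen 4444", "Listen 4443"))
    return before, after, mismatch

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

To check a real installation, pass the contents of SOA_HOME/Apache/Apache/conf/ssl.conf to check_ssl_conf and restart only when it returns an empty list.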

This is the configuration for SOA Suite 10.1.3.x.

SSL is on by default in the 10.1.3.x versions. For 10.1.2.x the configuration is different, but we need not bother about that as it is an obsolete version.

Once the changes are done, restart the server and try to log in to the BPEL Console using the SSL port:

https://host:port/BPELConsole


You will get an exception.

If you try to get the exception you will get something like this.

Try to view the certificate.

Click on View and you can see that it is the same certificate, which has been verified by VeriSign for trial purposes only.

So once you accept this you can view the console.

So this is how big companies use a third-party certification authority for SSL authentication.

2 comments:

Anonymous said...

Hi Mikku,
How to create a certificate on the standalone Oracle HTTP Server? Running tools like orapki requires Oracle Home, which is not installed on my server.

Can you help me on this?

Thanks.

Mikku said...

You can use the Java keytool; please have a look at the following:

http://soa-bpel-esb.blogspot.com/2010/09/creating-keystore-file-for-ssl.html