Select Wallet -> AutoLogin so that it is checked.
It will create a file cwallet.sso in the location where your wallet is saved.
By default, all SSL-related information is stored in the following file:
SOA_HOME/Apache/Apache/conf/ssl.conf
If you open this file you will find an entry like this:
Listen 4444
<VirtualHost _default_:4444>
# General setup for the virtual host
DocumentRoot "C:\product\10.1.3.1\OracleAS_1\Apache\Apache\htdocs"
ServerName ARAHI-PC2.in.oracle.com
ServerAdmin you@your.address
ErrorLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
TransferLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200"
Port 4444
For SSL to work, the SSL 'Listen' port must be the same as the "VirtualHost _default_" property within the file.
When we install SOA Suite it sets an SSL port by default, which in our case is 4444.
As you can see, Listen and VirtualHost _default_ are set to the same value, 4444.
So even now, if we open the BPEL Console through https://host:port/BPELConsole
we will get a certificate exception, and if we view the certificate it will be the default certificate that SOA Suite generates during installation.
But our purpose here is to use our own certificate for SSL authentication.
You can also see the server wallet entry:
# Server Wallet:
# The server wallet contains the server's certificate, private key
# and trusted certificates. Set SSLWallet at the wallet directory
# using the syntax: file:
SSLWallet file:C:\product\10.1.3.1\OracleAS_1\Apache\Apache\conf\ssl.wlt\default
If you go to this location you will find a file named ewallet.p12.
This is the default wallet generated by SOA Suite.
We will simply replace this wallet with the wallet that we created in our previous exercise.
So the only change I will make is:
SSLWallet file:D:/OCA/Wallet.
This is the location where I have stored my wallet.
I will use the same port 4444 for SSL authentication.
This is the configuration in SOA Suite 10.1.3.x,
where SSL is on by default. For 10.1.2.x the configuration is different, but we need not bother about that as it is an obsolete version.
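A check to run before restarting, covering the two things this configuration depends on: the Listen port matching the VirtualHost _default_ port, and the SSLWallet directory holding ewallet.p12 plus the cwallet.sso created by the AutoLogin step. This is an added example, not part of the original post or of Oracle's tooling; the function names and the sample ssl.conf fragment are constructed for illustration.

```python
import os
import re
import tempfile

def check_ssl_conf(conf_text):
    """Return a list of problems in an ssl.conf; an empty list means it is consistent."""
    # Ignore comment lines so commented-out directives are not matched.
    active = "\n".join(l.strip() for l in conf_text.splitlines()
                       if not l.strip().startswith("#"))
    flags = re.M | re.I
    listen = set(re.findall(r"^Listen\s+(?:\S+:)?(\d+)\s*$", active, flags))
    vhosts = set(re.findall(r"^<VirtualHost\s+_default_:(\d+)\s*>", active, flags))
    wallets = re.findall(r"^SSLWallet\s+file:(.+?)\s*$", active, flags)

    problems = []
    if not vhosts:
        problems.append("no <VirtualHost _default_:port> block found")
    for port in sorted(vhosts - listen):
        problems.append(f"VirtualHost _default_:{port} has no matching Listen {port}")
    for port in sorted(listen - vhosts):
        problems.append(f"Listen {port} has no matching VirtualHost _default_:{port}")
    if not wallets:
        problems.append("no SSLWallet directive found")
    for wallet in wallets:
        base = wallet.rstrip("/\\")
        # ewallet.p12 is the wallet itself; cwallet.sso is written by the AutoLogin step.
        for name in ("ewallet.p12", "cwallet.sso"):
            if not os.path.isfile(base + "/" + name):
                problems.append(f"{name} missing from wallet directory {base}")
    return problems

def sample_conf(port_listen, port_vhost, wallet_dir):
    """Constructed ssl.conf fragment modelled on the excerpt in the post."""
    return (f"Listen {port_listen}\n"
            f"<VirtualHost _default_:{port_vhost}>\n"
            f"# Server Wallet:\n"
            f"SSLWallet file:{wallet_dir}\n"
            f"</VirtualHost>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # stands in for D:/OCA/Wallet
        open(os.path.join(d, "ewallet.p12"), "wb").close()
        # cwallet.sso has not been created yet, so one problem is reported.
        print(check_ssl_conf(sample_conf(4444, 4444, d)))
```

To check a real installation, pass the contents of SOA_HOME/Apache/Apache/conf/ssl.conf to check_ssl_conf.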
Once we have made the changes, just restart the server and try to log in to the BPEL Console using the SSL port:
https://host:port/BPELConsole
You will get an exception.
If you look at the exception you will see something like this.
Try to view the certificate.
Click on View and you can see that it is the same certificate which has been verified by VeriSign for trial purposes only.
Once you accept this you can view the console.
So this is how big companies use a third-party certification authority for SSL authentication.
2 comments:
Hi Mikku,
How to create a certificate on the standalone Oracle HTTP Server. Running tools like orapki requires Oracle Home which is not installed on my server.
Can you help me on this?
Thanks.
You can use the java keytool, please have a look at the following
http://soa-bpel-esb.blogspot.com/2010/09/creating-keystore-file-for-ssl.html