1. stop the services
2. go to $INST_TOP/certs
3. If directory Apache exists, take backup of that dir
5. cp -r Apache Apache_bak
6. cd Apache
7. rm *
If Apache dir does not exist, create it under $INST_TOP/certs.
8. Create wallet under Apache dir using :
orapki wallet create -wallet . -auto_login -pwd Welcome123
2. go to $INST_TOP/certs
3. If directory Apache exists, take backup of that dir
5. cp -r Apache Apache_bak
6. cd Apache
7. rm *
If Apache dir does not exist, create it under $INST_TOP/certs.
8. Create wallet under Apache dir using :
orapki wallet create -wallet . -auto_login -pwd Welcome123
9. Update wallet by replacing ebs.oracle.com
in the following example with your VM host
orapki wallet add -wallet . -dn "CN= ebs.oracle.com,OU=Unit,O=Org,L=Redwood Shores,ST=California,C=US" -keysize 1024 -self_signed -validity 3650 -pwd Welcome123
orapki wallet add -wallet . -dn "CN= ebs.oracle.com,OU=Unit,O=Org,L=Redwood Shores,ST=California,C=US" -keysize 1024 -self_signed -validity 3650 -pwd Welcome123
10. Replace
with your env context name in following command:
cp $INST_TOP/certs/Apache/cwallet.sso $IAS_ORACLE_HOME/instances/EBS_web_
cd $INST_TOP/certs/Apache
Please
replace the ebs.oracle.com with your
VM host .
orapki wallet export -wallet $PWD -dn "CN= ebs.oracle.com,OU=Unit,O=Org,L=Redwood Shores,ST=California,C=US" -cert server.crt -pwd Welcome123
orapki wallet export -wallet $PWD -dn "CN= ebs.oracle.com,OU=Unit,O=Org,L=Redwood Shores,ST=California,C=US" -cert server.crt -pwd Welcome123
11. cd $OA_JRE_TOP/lib/security
12. cp cacerts cacerts_org
13. $ keytool -import -alias ApacheServer -file $INST_TOP/certs/Apache/server.crt -trustcacerts -v -keystore ./cacerts -storepass Welcome123
Trust this certificate? [no]: Yes
Certificate was added to keystore
14 Update the $CONTEXT_FILE
with SSL values given in table below:
|
Variable
|
Non-SSL
Value
|
SSL
Value
|
|
|
s_url_protocol
|
http
|
https
|
|
|
s_local_url_protocol
|
http
|
https
|
|
|
s_webentryurlprotocol
|
http
|
https
|
|
|
s_active_webport
|
same
as s_webport
|
same
as s_webssl_port
|
|
|
s_webssl_port
|
not
applicable
|
Make
sure base= 4443
|
|
|
s_https_listen_parameter
|
not
applicable
|
same
as s_webssl_port
|
|
|
s_enable_sslterminator
|
#
|
remove
the '#' to use ssl_terminator.conf
|
|
|
s_login_page
|
url
constructed with http protocol and s_webport
|
url
constructed with https protocol and s_webssl_port.
Eg. https://ebs.oracle.com:4452/OA_HTML/AppsLogin |
|
|
s_external_url
|
url
constructed with http protocol and s_webport
|
url
constructed with https protocol and s_webssl_port
Eg. https://ebs.oracle.com:4452/OA_HTML/AppsLogin |
|
15. Run Autoconfig on middle tier.
On DB tier :-
On DB tier :-
- First create ca.crt using server.crt
file .
cd $ORACLE_HOME/appsutil ( RDBMS home ) - mkdir wallet
- cd wallet ; and ftp the ca.crt file created in step 1 to this location.
- Run the following commands
- orapki wallet create -wallet $ORACLE_HOME/appsutil/wallet -auto_login -pwd Welcome123
- import trusted certificate using:
orapki
wallet add -wallet . -trusted_cert -cert ca.crt -pwd Welcome123
Test using new URL
No comments:
Post a Comment