Implementing SSL in Apex3.2.1 using Oracle HTTP Server 11.2g
Could anyone please point me at any up-to-date documentation that deals with implementing SSL on Apex3.2.1 and 11.2g Standard One Oracle HTTP Server or something close.
I'm using Windows 7 with Browser, HTTP Server and database all on the same machine for testing purposes.
I have done the following from what I have found so far:
In Oracle Wallet Manager I have created a Certificate Request, sent that to a CA and then imported the Trial SSL Certificate, Trial Secure Server Intermediate CA and Test CA Root Certificate from the CA.
I have updated Apex Admin Services/Manage Service/Instance Settings/Wallet with
file:directory-path and wallet password.
I rebooted the machine to restart all the services, in case I missed any.
However, when I change the URL from http to https, and this is the only change I make, then page not found appears. It may be that I need to change the port or some conf files, but I'm not sure.
Thanks
dfrost
There is also DRM and Strategic Finance that use IIS, here is the oracle doc on it http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_start_here_11121/ch06s03s02.html
Cheers
John
jgblog
Similar Messages
-
Use oracle http server to configure mod_plsql
Hi,
I have a question.
I have already installed HTTP server using the Oracle Database10g Companion CD
on my Windows 2000 SP4.
At the end of the installation, it refers to http://<computer_name>:7777
to open the HTTP server page.
It seems work fine that it showed the Welcome page of HTTP Server and I find this
"Oracle HTTP Server is the Web server component of Oracle Application Server 10g Release 2 (10.1.2). Oracle HTTP Server is a robust, reliable Web server based on the Apache HTTP Server, version 1.3."
But I couldn't do anything with the mod_plsql components or the other
Modules (mods) which showed in the welcome page since there is no link to such things.
BTW, I have experienced with the HTTP server previously on Oracle9i
When I open the HTTP server page, it showed links to some Modules (mods)
components such as mod_plsql, etc.
Does the HTTP Server in this version need to be configured to use the links like in Oracle9i's HTTP Server?
Or the new Oracle HTTP server does not support for this thing?
Actually, I worked on Oracle Workflow, which need the Oracle HTTP server to configure
some few things such as DAD.
Please, can anybody help me to solve this problem.
Thanks,
Buntoro
Look at
http://download-west.oracle.com/docs/cd/B14117_01/server.101/b12255/confmods.htm
hope this helps
carlos -
Does BPEL PM use Oracle HTTP Server
Hi,
Can anyone throw light on how BPEL PM invokes external partner links ? Does it use the Oracle HTTP server to send out the invoke request ?
TIA
Maybe you should define what you mean by an internal service, as you can connect to DB, JMS, AQ, WS, etc. I'm assuming you mean web service, therefore basically the mechanism is HTTP. This does not mean that you need OHS. Also, internal services can go through an HTTP server if you desire.
SOA Suite uses the same technology for both internal and external services. It is only your network that restricts connectivity. SOA Suite can connect directly to external services but this generally isn't recommended as it is a security risk.
If OHS is killed then you should fail over to another OHS, if this configuration is not in place you will lose connectivity to external services.
Have a look at this doc, it shows Oracle's recommendation for enterprise deployments.
http://download.oracle.com/docs/cd/E12839_01/core.1111/e12036/toc.htm
cheers
James -
Upgrade Oracle http server for last servlet function
Hi
Currently I use Oracle HTTP Server with servlet.
It seems that my version with the jsdk.jar file doesn't support the EncodeUrl function and the web.xml file.
How can I upgrade my server?
I have tried to replace the jsdk.jar file with the servlet22.jar file but without results!
Where can I find more information?
Thanks
Philippe
Hi all
That's right, the OHS was installed with the Fusion Middleware Web Utilities installation and is working fine!
The Apex application is online without problems.
Now, my challenge is to implement the security certificate (SSL) on OHS.
I've been reading many things but I'm a little confused and am looking for specific documentation to do that.
The certificate was generated and I got the specific files (.cer / .crt / .key) but the problem is how to configure it.
Is it necessary to install another software?
Must Wallet Manager be used, or do I just configure some files like ssl.conf?
Thanks in advance for any help.
Angelo -
Weblogic certificate is not being authenticated in Oracle HTTP Server
I am using Oracle HTTP Server with SSL and mod_proxy set up, trying to pass a URL through to the WebLogic server. I start with my OHS URL in the browser and the proxy switches to the URL for WebLogic, but I get the following error on the OHS side:
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
And the following error on the weblogic side:
####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
Here is my ssl.conf from OHS:
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
# OHS Listen Port
Listen 443
<IfModule ossl_module>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
## SSL Virtual Host Context
<VirtualHost *:443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient none
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule proxy_module>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Path to the wallet
SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
SSLProxyEngine on
SSLProxyVerify none
# ottest : denovm11-1
ProxyPass /test https://abc.us.oracle.com:7001/test
ProxyPassReverse /test https://abc.us.oracle.com:7001/test
</IfModule>
</VirtualHost>
</IfModule>
On the OHS side I have all the certificates needed so SSL is working properly. The weblogic environment is currently working fine with other webgates, but those are apache and we are trying to switch to OHS.
Can OHS use mod_proxy to connect to weblogic or do I need to use mod_wl_ohs?
Does anyone see anything wrong in my ssl.conf file in regards to the proxy section.
Thanks in advance.
In summary:
You need to create a new wallet with CSR (certificate signing req)
Send this to your certificate authority and get the signed server certificate.
Now import the signed server cert and the trusted root cert in to the wallet that you created newly.
Modify ssl.conf to point to the new wallet location.
To create wallet refer to : http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
Don't mind if this doc is 500 pages ;) -
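The OHS-side lines quoted in the question above can be correlated by their `ecid` field to see which leg of the connection failed and what the NZ library reported. The following Python is an added example, not part of the original thread or of any Oracle tool; the names `parse_line` and `triage` are hypothetical, the sample input is copied from the post with some fields dropped, and reading the word "proxy" in the handshake message as the OHS-to-backend leg is an assumption.

```python
import re
from collections import defaultdict

# Sample input: three of the OHS lines from the post, with some fields dropped.
SAMPLE_LOG = """\
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
"""

FIELD = re.compile(r"\[([^\]]*)\]\s*")
HANDSHAKE = re.compile(r"nzos (proxy )?handshake error, nzos_Handshake returned (\d+)")
NZ_ERROR = re.compile(r"NZ Library Error: (.+?)(?: \[Hint: (.+)\])?$")
BACKEND = re.compile(r"proxy: pass request body failed to (\S+)")


def parse_line(line):
    """Split one log line into its leading [bracketed] fields and the message."""
    pos, fields = 0, []
    while (m := FIELD.match(line, pos)):
        fields.append(m.group(1))
        pos = m.end()
    if len(fields) < 5:          # not in the bracketed format; skip it
        return None
    rec = dict(zip(("ts", "component", "level", "msg_id", "module"), fields[:5]))
    for field in fields[5:]:     # the rest are "key: value" pairs
        key, _, value = field.partition(": ")
        rec[key] = value
    rec["message"] = line[pos:].strip()
    return rec


def triage(log_text):
    """Group lines by ecid and collect the TLS failure details for each request."""
    incidents = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        inc = incidents[rec.get("ecid", "")]
        inc.setdefault("vhost", rec.get("VirtualHost"))
        msg = rec["message"]
        if (m := HANDSHAKE.search(msg)):
            # Assumption: "proxy" marks the mod_proxy (outbound) handshake.
            inc["leg"] = "outbound (OHS to backend)" if m.group(1) else "inbound (client to OHS)"
            inc["nzos_code"] = int(m.group(2))
        elif (m := NZ_ERROR.search(msg)):
            inc["nz_error"], inc["hint"] = m.group(1), m.group(2)
        elif (m := BACKEND.search(msg)):
            inc["backend"] = m.group(1)
    return dict(incidents)


if __name__ == "__main__":
    for ecid, inc in triage(SAMPLE_LOG).items():
        print(ecid, inc)
```

Grouping on `ecid` puts the handshake return code, the NZ library text and the backend address from separate log lines into one record per request, which is the set of facts needed when checking the wallet named by `SSLProxyWallet`.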
Slow performance with oracle http server connecting weblogic
I have a performance issue while using Oracle HTTP server as a proxy with weblogic server. It takes 10-15 seconds to pass the requests.
I also received an error related to SSL in my error logs even though I haven't configured SSL.
Please find the error received in the OHS error logs:
nzos handshake error, nzos_Handshake returned 28862
NZ Library Error: SSL IO error [Hint: the client stop the connection unexpectedly]
And please find a request information from the access log files.
Fri May 28 09:24:48 2010 <5944127503148828> getPooledConn: No more connections in the pool for Host[114.57.162.39] Port[6499] SecurePort[6499]
Fri May 28 09:24:48 2010 <5944127503148828> general list: trying connect to '114.57.162.39'/6499/6499 at line 3082 for '/fed/user/authnoam?refid=id-ixGFItkxw4Nt4l3wlz4W9sWR-ao-'
Fri May 28 09:25:00 2010 <5944127503148828> SSL is not configured for this connection
Fri May 28 09:25:00 2010 <5944127503148828> Local Port of the socket is 4472
It is visible that while it is doing "general list: trying connect to" it takes a long time.
Any pointers are highly appreciated.
Shannon,
The OHS + Weblogic installation, just means you will have an admin server, with Enterprise Manager that can manage your OHS instances. That being said:
1 - You don't have to extend any domain, since the only thing OHS will need is an Admin Server with Enterprise Manager.
2 - I (myself, I don't speak for Oracle here) have a personal preference of having stand alone OHS. If you don't know how to work with httpd.conf and mod_wl.conf, I would suggest installing a separate domain only for it, that way you can keep the weblogic turned off, and turn it on only when you need to edit any configuration.
Thanks -
Oracle HTTP Server 9.0.2
Can I use Oracle HTTP Server 9.0.2 for HTMLDB 2.0? Is there any issue with that version?
Thanks.
Andy
What does the error_log of the Oracle Apache HTTP server say? This is typically in the $ORACLE_HOME/Apache/Apache/logs directory.
Weird that a mutex create failed. Without the actual o/s error code that resulted, it is difficult to diagnose the problem. Anything in the Application (or Security) Event Log? Access denied seems to indicate an ACL failure of sorts.
You could also disable FastCGI - it is not very often used and APEX (mod_plsql) does not need it. The httpd.conf file (in $ORACLE_HOME/Apache/Apache/conf) can be edited to disable FastCGI. -
Hi,
I need to install Siebel Application on Linux-64 bit, for which I have to use Oracle HTTP server as my web server.
The system requirements guide for Siebel mentions that I will need - Oracle HTTP Server 10.1.3.3 (based on Apache Web Server v2.2 or above).
But I am unable to find Oracle HTTP based on Apache Version 2.2 or above, instead I am able to find Oracle HTTP 10.1.3.3 based on Apache 1.3.
Can anyone direct me to the appropriate place to find Oracle HTTP Server 10.1.3.3 (based on Apache Web Server v2.2 or above)
http://www.oracle.com/technology/software/products/ias/htdocs/101310.html
-
Oracle HTTP Server for APEX3.2
I am a DBA but new to APEX.
On page 4-15 of APEX3.2 Installation Guide, it says
Install from the Database and Configure Oracle HTTP Server
This section describes how to configure Oracle HTTP Server with mod_plsql
distributed with Oracle Database 11g or Oracle Application Server 10g.
It seems that Oracle HTTP Server is neither distributed with the database CD nor Example CD. Am I right?
Also, can I use HTTP Server bundled with OMS to serve as HTTP Server for APEX? Will that impact Grid Control?
EPG is not considered.
Thanks,
Kevin
Hi
When using Grid of course, there is a HTTP server
When having the Rdbms, you need the companion cd or use one of products that has already HTTP server .... ( Example ; IAS, etc )
Kind regards,
Iloon -
SSL Certificate problem in the Oracle http server
Hi,
I have setup the oracle http server (OHS 11g) in linux machine and we created a virtual directory to access a web application.
In NON SSL connection it is working fine but when we try use the SSL connection we are not able to access the web application the port (4443) is not up.
Require help in this issue ?
regards,
Suresh G
Edited by: Sangeetha on Jan 3, 2013 12:13 PM
Hi Suresh,
Did you check the port?
Also could you paste the steps you followed to configure SSL on OHS?
Cheers :-) -
Strange error when enabling SSL on Oracle HTTP Server
Hi,
In our production environment Oracle HTTP Server starts fine when SSL is disabled.
We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
When I tried to do the same in our production environment, the Oracle HTTP Server wouldn't restart. I've had a look around the forums and haven't seen anyone report the same error we are seeing in the logfile.
$ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html
Response: Ping succeeded.
opmnctl: starting opmn managed processes...
HTTP/1.1 204 No Content
Content-Length: 718
Content-Type: text/html
Response: 0 of 1 processes started.
<?xml version='1.0' encoding='ISO-8859-1'?>
<response>
<opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
<ias-instance id="IAS-X-ubrf1200.6299">
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server">
<process-set id="HTTP_Server">
<process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
<msg code="-21" text="failed to start a managed process after the maximum retry limit">
</msg>
</process>
</process-set>
</process-type>
</ias-component>
</ias-instance>
</opmn>
</response>
The HTTP_Server~1 log contains the below error:
09/08/16 13:24:40 Start process
$ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
VirtualHost configuration:
127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
I've compared dms.conf from all 3 of dev/uat/prod
diff dev-dms.conf dms.conf
15c15
< Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
18,19c18,19
< Listen 127.0.0.1:7200
< OpmnHostPort http://127.0.0.1:7200
Listen 127.0.0.1:7201
OpmnHostPort http://127.0.0.1:7201
21c21
< <VirtualHost 127.0.0.1:7200>
<VirtualHost 127.0.0.1:7201>30c30
No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
Has anyone experienced this problem before? Any idea how we can get this working?
Thanks,
Stephen
Noticed that when it starts with apachectl startssl, it doesn't like any <VirtualHost directive.
The line in the dms.conf file that it errors out at is:
<VirtualHost 127.0.0.1:7201>
When I added a redirect to the httpd.conf file, it errors out at the <VirtualHost line also.
Any idea why the Oracle HTTP Server wouldn't like <VirtualHost directives when running startssl? -
How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP server
In 9iAS 9.0.2 Oracle HTTP Server (OHS) is pre-configured to assign requests to the Home OC4J instance via the URL prefix "/j2ee".
For example, the TEST servlet under OC4J would be passed through OHS using:
http://urmachine:urApachePort/j2ee/TEST
whereas in the standalone OC4J version, this URL works:
http://urmachine:urOC4JPort/TEST
How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP Server?
It is getting the URL prefix from mod_oc4j.conf
under /ora9ias/Apache/Apache/conf
You can read more on this at
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/web.902/a92173/confmods.htm#1008977
-Prasad -
Oracle BI Publisher - can not access Shared Folder , using Oracle BI Server
Hi there,
We have an installed OBIEE and BIP (BI Publisher) system which is the security setting of BIP using "Oracle BI Server".
Our OBIEE security is using the combination of LDAP (authentication) and Relational Table (for grouping user privilege).
The integration connection between OBIEE and BIP is successful, and I can connect using Administrator to the BIP.
But when I assign a general user using group : XMLP_Admin (define in rpd file and relational table), the user can log in to BIP, but can NOT access the Shared Folder.
the error desc : "Error 500: SRVE0199E: OutputStream already obtained"
Anyone can help ?
Thanks a lot
-toni
Did you define Roles and Permissions to the shared folder from BIP Admin?
-Prakash -
Using php with oracle http server
Hello folks
This question might have been answered on this forum, but i haven't found it yet.
Is it possible to integrate php into the apache server that is supplied with the oracle (9.2) database, the so called Oracle HTTP Server?
What technical issues are to consider and how do you do it on linux in that case? (SLES8)
Is there any support issues to consider if somebody modifies this oracle supplied http server?
Looking very much forward to some help...
Regards,
Christian
Well it was a spelling mistake in the beginning. I get the following output now:
./configure --with-oci8=$ORACLE_HOME \
--with-apxs=/opt/oracle/product/9ir2/Apache/Apache/bin/apxs \
--enable-sigchild
creating cache ./config.cache
checking host system type... i686-pc-linux-gnu
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking whether gcc and cc understand -c and -o together... yes
checking how to run the C preprocessor... gcc -E
checking for AIX... no
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking for re2c... exit 0;
checking for ranlib... ranlib
checking whether ln -s works... yes
checking for gawk... gawk
checking for bison... bison -y
checking for bison version... 1.35 (ok)
checking for flex... lex
checking for yywrap in -ll... no
checking lex output file root... ./configure: line 2425: lex: command not found
configure: error: cannot find output from lex; giving up -
Using an Oracle Directory as DocumentRoot in Oracle Http Server
Hello,
Is it possible for OHS (Oracle HTTP Server) to use an Oracle Directory (directory object in the database) as its DocumentRoot? The idea behind that is to put the web application's files in Oracle Directories to easily make updates and versioning.
Thank you very much for your help in advance.
Thanks Gary, your reply is perfectly correct,
I have verified the same with ETL data lineage guide ,
The Columns that match to the MCAL_CAL_NAME~MCAL_PERIOD_TYPE
MCAL_CAL_NAME = GL_PERIODS.PERIODS_SET_NAME
MCAL_PERIOD_TYPE = GL_PERIODS.PERIOD_TYPE
Query for same to get from EBS Source will be
select period_set_name , period_type From gl_periods ;
Thanks For Help !!
Regards
Neeraj Saini