Implementing SSL in Apex3.2.1 using Oracle HTTP Server 11.2g

Could anyone please point me at any up-to-date documentation that deals with implementing SSL on Apex3.2.1 and 11.2g Standard One Oracle HTTP Server or something close.
I'm using Windows 7 with Browser, HTTP Server and database all on the same machine for testing purposes.
I have done the following from what I have found so far:
In Oracle Wallet Manager I have created a Certificate Request, sent that to a CA and then imported the Trial SSL Certficate, Trial Secure Server Intermediate CA and Test CA Root Certificate from the CA.
I have updated Apex Admin Services/Manage Service/Instance Settings/Wallet with
file:directory-path and wallet password.
I rebooted the machine to restart all the services, in case I missed any.
However when I change the url from http to https and this is the only change I make then page not found appears. It maybe I need to change the port or some conf files but I'm not sure.
Thanks
dfrost

There is also DRM and Strategic Finance that use IIS, here is the oracle doc on it http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_start_here_11121/ch06s03s02.html
Cheers
John
jgblog

Similar Messages

  • Use oracle http server to configure mod_plsql

    Hi,
    I have a question.
    I have already installed HTTP server using the Oracle Database10g Companion CD
    on my Windows 2000 SP4.
    At the end of the installation, it refers to http://<computer_name>:7777
    to open the HTTP server page.
    It seems work fine that it showed the Welcome page of HTTP Server and I find this
    "Oracle HTTP Server is the Web server component of Oracle Application Server 10g Release 2 (10.1.2). Oracle HTTP Server is a robust, reliable Web server based on the Apache HTTP Server, version 1.3."
    But I could'nt do anything of using the mod_plsql components nor another
    Modules (mods) which showed in the welcome page since there is no link to such things.
    BTW, I have experienced with the HTTP server previously on Oracle9i
    When I open the HTTP server page, it showed links to some Modules (mods)
    components such as mod_plsql, etc.
    Does the HTTP Server in this version need to be configured to use the links like in Oracle9i's HTTP Server?
    Or the new Oracle HTTP server does not support for this thing?
    Actually, I worked on Oracle Workflow, which need the Oracle HTTP server to configure
    some few things such as DAD.
    Please, can anybody help me to solve this problem.
    Thanks,
    Buntoro

    look at
    http://download-west.oracle.com/docs/cd/B14117_01/server.101/b12255/confmods.htm
    hope this helps
    carlos

  • Does BPEL PM use Oracle HTTP Server

    Hi,
    Can anyone throw light on how BPEL PM invokes external partner links ? Does it use the Oracle HTTP server to send out the invoke request ?
    TIA

    Maybe use should define what you mean by an internal service as you can connect to DB, JMS, AQ, WS, etc. I'm assuming you mean web service therefore basically the mechanism is HTTP. This does not mean that you need OHS. Also internal services can go through a HTTP server if you desire.
    SOA Suite uses the same technology for both internal and external services. It is only your network that restricts connectivity. SOA Suite can connect directly to external services but this generally isn't recommended as it is a security risk.
    If OHS is killed then you should fail over to another OHS, if this configuration is not in place you will lose connectivity to external services.
    Have a look at this doc, it shows a Oracle's recommendation for enterprise deployments.
    http://download.oracle.com/docs/cd/E12839_01/core.1111/e12036/toc.htm
    cheers
    James

  • Upgrade Oracle http server for last servlet function

    Hi
    Currently i use Oracle http server with servlet.
    It seems that my version with jsdk.jar file don't support EncodeUrl function and web.xml file.
    How can i upgrade my server ?
    I have tried to replace jsdk.jar file with servlet22.jar file but without results !
    Where can i found more information ?
    Thanks
    Philippe

    Hi all
    That´s right, the OHS was installed with the Fusion Middleware Web Utilities installation and working fine !
    The Apex application is online without problems.
    Now, my challenge is to implement the security certificate (SSL) on OHS.
    I´ve been read many things but I´m a little confused and looking for a specific documentation to do that.
    The certificate was generated and got the especific files ( .cer / .crt / .key ) but the problem is how to configure.
    Is it necessary to install another software ?
    Is wallet manager must be used or just configure some files like ssl.conf ?
    Thanks in advance for any help.
    Angelo

  • Weblogic certificate is not being authenticated in Oracle HTTP Server

    I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy is switches to the url to weblogic but I get the following error on the OHS side:
    [2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
    [2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
    [2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
    [2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
    And the following error on the weblogic side:
    ####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
    Here is my ssl.conf from OHS:
    # Oracle HTTP Server mod_ossl configuration file: ssl.conf #
    # OHS Listen Port
    Listen 443
    <IfModule ossl_module>
    ## SSL Global Context
    ## All SSL configuration in this context applies both to
    ## the main server and all SSL-enabled virtual hosts.
    # Some MIME-types for downloading Certificates and CRLs
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    # Pass Phrase Dialog:
    # Configure the pass phrase gathering process.
    # The filtering dialog program (`builtin' is a internal
    # terminal dialog) has to provide the pass phrase on stdout.
    SSLPassPhraseDialog builtin
    # Inter-Process Session Cache:
    # Configure the SSL Session Cache: First the mechanism
    # to use and second the expiring timeout (in seconds).
    SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    # Semaphore:
    # Configure the path to the mutual exclusion semaphore the
    # SSL engine uses internally for inter-process synchronization.
    <IfModule mpm_winnt_module>
    SSLMutex "none"
    </IfModule>
    <IfModule !mpm_winnt_module>
    SSLMutex pthread
    </IfModule>
    ## SSL Virtual Host Context
    <VirtualHost *:443>
    <IfModule ossl_module>
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # Client Authentication (Type):
    # Client certificate verification type and depth. Types are
    # none, optional and require.
    SSLVerifyClient none
    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    # SSL Certificate Revocation List Check
    # Valid values are On and Off
    SSLCRLCheck Off
    #Path to the wallet
    SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    </IfModule>
    <IfModule proxy_module>
    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    # Path to the wallet
    SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
    SSLProxyEngine on
    SSLProxyVerify none
    # ottest : denovm11-1
    ProxyPass /test https://abc.us.oracle.com:7001/test
    ProxyPassReverse /test https://abc.us.oracle.com:7001/test
    </IfModule>
    </VirtualHost>
    </IfModule>
    On the OHS side I have all the certificates needed so SSL is working properly. The weblogic environment is currently working fine with other webgates, but those are apache and we are trying to switch to OHS.
    Can OHS use mod_proxy to connect to weblogic or do I need to use mod_wl_ohs?
    Does anyone see anything wrong in my ssl.conf file in regards to the proxy section.
    Thanks in advance.

    In summary:
    You need to create a new wallet with CSR (certificate signing req)
    Send this to your certificate authority and get the signed server certificate.
    Now import the signed server cert and the trusted root cert in to the wallet that you created newly.
    Modify ssl.conf to point to the new wallet location.
    To create wallet refer to : http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
    Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
    Dont mind if this doc is 500 pages ;)

  • Slow performance with oracle http server connecting weblogic

    I have a performance issue while using Oracle HTTP server as a proxy with weblogic server. It takes 10-15 seconds to pass the requests.
    I also received the error related to SSL in my error logs even though i havent configured the SSL.
    please find the error received in the OHS error logs
    nzos handshake error, nzos_Handshake returned 28862
    NZ Library Error: SSL IO error [Hint: the client stop the connection unexpectedly]
    And please find a request information from the access log files.
    Fri May 28 09:24:48 2010 <5944127503148828> getPooledConn: No more connections in the pool for Host[114.57.162.39] Port[6499] SecurePort[6499]
    Fri May 28 09:24:48 2010 <5944127503148828> general list: trying connect to '114.57.162.39'/6499/6499 at line 3082 for '/fed/user/authnoam?refid=id-ixGFItkxw4Nt4l3wlz4W9sWR-ao-'
    Fri May 28 09:25:00 2010 <5944127503148828> SSL is not configured for this connection
    Fri May 28 09:25:00 2010 <5944127503148828> Local Port of the socket is 4472
    it is visible that the while it is doing "general list trying to connect to" it takes a long time
    Any pointers are highly appreciated.

    Shannon,
    The OHS + Weblogic installation, just means you will have an admin server, with Enterprise Manager that can manage your OHS instances. That being said:
    1 - You don't have to extend any domain, since the only thing OHS will need is an Admin Server with Enterprise Manager.
    2 - I (myself, I don't speak for Oracle here) have a personal preference of having stand alone OHS. If you don't know how to work with httpd.conf and mod_wl.conf, I would suggest installing a separate domain only for it, that way you can keep the weblogic turned off, and turn it on only when you need to edit any configuration.
    Thanks

  • Oracle HTTP Server 9.0.2

    Can I use Oracle HTTP Server 9.0.2 for HTMLDB 2.0? Is there any issue with that version?
    Thanks.
    Andy

    What does the error_log of the Oracle Apache HTTP server say? This is typically in the $ORACLE_HOME/Apache/Apache/logs directory.
    Weird that a mutex create failed. Without the actual o/s error code that resulted, it is difficult to diagnose the problem. Anything in the Application (or Security) Event Log? Access denied seems to indicate an ACL failure of sorts.
    You could also disable FastCGI - it is not very often used and APEX (mod_plsql) does not need it. The httpd.conf file (in $ORACLE_HOME/Apache/Apache/conf) can be edited to disable FastCGI.

  • Need to download - Oracle HTTP Server 10.1.3.3 (based on Apache 2.2)

    Hi,
    I need to install Siebel Application on Linux-64 bit, for which I have to use Oracle HTTP server as my web server.
    The system requirements guide for Siebel mentions that I will need - Oracle HTTP Server 10.1.3.3 (based on Apache Web Server v2.2 or above).
    But I am unable to find Oracle HTTP based on Apache Version 2.2 or above, instead I am able to find Oracle HTTP 10.1.3.3 based on Apache 1.3.
    Can anyone direct me to the appropriate place to find Oracle HTTP Server 10.1.3.3 (based on Apache Web Server v2.2 or above)

    http://www.oracle.com/technology/software/products/ias/htdocs/101310.html

  • Oracle HTTP Server for APEX3.2

    I am a DBA but new to APEX.
    On page 4-15 of APEX3.2 Installation Guide, it says
    Install from the Database and Configure Oracle HTTP Server
    This section describes how to configure Oracle HTTP Server with mod_plsql
    distributed with Oracle Database 11g or Oracle Application Server 10g.
    It seems that Oracle HTTP Server is neither distributed with the database CD nor Example CD. Am I right?
    Also, can I use HTTP Server bundled with OMS to serve as HTTP Server for APEX? Will that impact Grid Control?
    EPG is not considered.
    Thanks,
    Kevin

    Hi
    When using Grid of course, there is a HTTP server
    When having the Rdbms, you need the companion cd or use one of products that has already HTTP server .... ( Example ; IAS, etc )
    Kind regards,
    Iloon

  • SSL Certificate problem in the Oracle http server

    Hi,
    I have setup the oracle http server (OHS 11g) in linux machine and we created a virtual directory to access a web application.
    In NON SSL connection it is working fine but when we try use the SSL connection we are not able to access the web application the port (4443) is not up.
    Require help in this issue ?
    regards,
    Suresh G
    Edited by: Sangeetha on Jan 3, 2013 12:13 PM

    Hi Suresh,
    Did u check the port ??
    Also cud you paste the steps u followed do configure SSl on Ohs ??
    Cheers :-)

  • Strange error when enabling SSL on Oracle HTTP Server

    Hi,
    In our production environment Oracle HTTP Server starts fine when SSL is disabled.
    We've enabled SSL in our dev/uat environments using instructions from the Oracle Documentation. It was pretty straightforward.
    When i tried to do the same in our production environment, the Oracle HTTP Server wouldnt restart. I've had a look around the forums and havent seen anyone report the same error we are seeing in the logfile.
    $ORACE_HOME/opmn/bin/opmnctl verbose startproc ias-component=HTTP_Server
    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/html
    Response: Ping succeeded.
    opmnctl: starting opmn managed processes...
    HTTP/1.1 204 No Content
    Content-Length: 718
    Content-Type: text/html
    Response: 0 of 1 processes started.
    <?xml version='1.0' encoding='ISO-8859-1'?>
    <response>
    <opmn id="ubrf1200:6201" http-status="204" http-response="0 of 1 processes started.">
    <ias-instance id="IAS-X-ubrf1200.6299">
    <ias-component id="HTTP_Server">
    <process-type id="HTTP_Server">
    <process-set id="HTTP_Server">
    <process id="350814320" pid="29207" status="Stopped" index="1" log="$ORACE_HOME/opmn/logs/HTTP_Server~1" operation="request" result="failure">
    <msg code="-21" text="failed to start a managed process after the maximum retry limit">
    </msg>
    </process>
    </process-set>
    </process-type>
    </ias-component>
    </ias-instance>
    </opmn>
    </response>
    The HTTP_Server~1 log contains the below error:
    09/08/16 13:24:40 Start process
    $ORACLE_HOME/Apache/Apache/bin/apachectl startssl: execing httpd
    VirtualHost configuration:
    127.0.0.1:7201 127.0.0.1 ($ORACLE_HOME/Apache/Apache/conf/dms.conf:21)
    I've compared dms.conf from all 3 of dev/uat/prod
    diff dev-dms.conf dms.conf
    15c15
    < Redirect /dms0/AggreSpy http://127.0.0.1:7200/dmsoc4j/AggreSpy
    Redirect /dms0/AggreSpy http://127.0.0.1:7201/dmsoc4j/AggreSpy
    18,19c18,19
    < Listen 127.0.0.1:7200
    < OpmnHostPort http://127.0.0.1:7200
    Listen 127.0.0.1:7201
    OpmnHostPort http://127.0.0.1:7201
    21c21
    < <VirtualHost 127.0.0.1:7200>
    <VirtualHost 127.0.0.1:7201>30c30
    No Apache logs are being written to when we try starting the Oracle HTTP Server with ssl enabled.
    Has anyone experienced this problem before? Any idea how we can get this working?
    Thanks,
    Stephen

    Noticed that when it starts with apachectl startssl, it doesnt like any <VirtualHost directive
    The line in the dms.conf file that it errors out at is :
    <VirtualHost 127.0.0.1:7201>
    When i added a redirect the httpd.conf file, it errors out at the <VirtualHost line also
    Any idea why the Oracle HTTP Server wouldnt like <VirtualHost directives when running startssl?

  • How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP server

    In 9iAS 9.0.2 Oracle HTTP Server (OHS) is pre-configured to assign requests to the Home OC4J instance via the URL-prefix "/j2ee"/
    For example, the TEST servlet under OC4J would be passed through OHS using:
    http://urmachine:urApachePort/j2ee/TEST
    whereas in the standlone OC4J version, this URL works:
    http://urmachine:urOC4JPort/TEST
    How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP Server?

    It is getting the url prefix from mod_oc4j.conf
    under /ora9ias/Apache/Apache/conf
    You can read more on this at
    http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/web.902/a92173/confmods.htm#1008977
    -Prasad

  • Oracle BI Publisher - can not access Shared Folder , using Oracle BI Server

    Hi there,
    We have an installed OBIEE and BIP (BI Publisher) system which is the security setting of BIP using "Oracle BI Server".
    Our OBIEE security is using the combination of LDAP (authentication) and Relational Table (for grouping user privillege)
    The integration connection between OBIEE and BIP is successfull, and I can connect using Administrator to the BIP
    But when I assign a general user using group : XMLP_Admin (define in rpd file and relational table), the user can log in to BIP, but can NOT access the Shared Folder.
    the error desc : "Error 500: SRVE0199E: OutputStream already obtained"
    Anyone can help ?
    Thanks a lot
    -toni

    Did you define Roles and Permissions to the shared folder from BIP Admin?
    -Prakash

  • Using php with oracle http server

    Hello folks
    This question might have been answered on this forum, but i haven't found it yet.
    Is it possible to integrate php into the apache server that is supplied with the oracle (9.2) database, the so called Oracle HTTP Server?
    What technical issues are to consider and how do you do it on linux in that case? (SLES8)
    Is there any support issues to consider if somebody modifies this oracle supplied http server?
    Looking very much forward to some help...
    Regards,
    Christian

    Well it was a spelling mistake in the beginning. I get the following output now:
    ./configure --with-oci8=$ORACLE_HOME \
    --with-apxs=/opt/oracle/product/9ir2/Apache/Apache/bin/apxs \
    --enable-sigchildcreating cache ./config.cache
    checking host system type... i686-pc-linux-gnu
    checking for gcc... gcc
    checking whether the C compiler (gcc ) works... yes
    checking whether the C compiler (gcc ) is a cross-compiler... no
    checking whether we are using GNU C... yes
    checking whether gcc accepts -g... yes
    checking whether gcc and cc understand -c and -o together... yes
    checking how to run the C preprocessor... gcc -E
    checking for AIX... no
    checking if compiler supports -R... no
    checking if compiler supports -Wl,-rpath,... yes
    checking for re2c... exit 0;
    checking for ranlib... ranlib
    checking whether ln -s works... yes
    checking for gawk... gawk
    checking for bison... bison -y
    checking for bison version... 1.35 (ok)
    checking for flex... lex
    checking for yywrap in -ll... no
    checking lex output file root... ./configure: line 2425: lex: command not found
    configure: error: cannot find output from lex; giving up

  • Using an Oracle Directory as DocumentRoot in Oracle Http Server

    Hello,
    ¿Is it possible that OHS(Oracle Http Server) use an Oracle Directory(directory object in database) as its DocumentRoot? The idea behind that is put the web application's files in Oracle Directories for easily make updates and versioning.
    Thank you very much for your help in advance.

    Thanks Gary , Your reply is perfectly correct ,
    I have verified the same with ETL data lineage guide ,
    The Columns that match to the MCAL_CAL_NAME~MCAL_PERIOD_TYPE
    MCAL_CAL_NAME = GL_PERIODS.PERIODS_SET_NAME
    MCAL_PERIOD_TYPE = GL_PERIODS.PERIOD_TYPE
    Query for same to get from EBS Source will be
    select period_set_name , period_type From gl_periods ;
    Thanks For Help !!
    Regards
    Neeraj Saini

Maybe you are looking for