Virtual Directory Change from Oracle HTTP Server to Embedded PL/SQL Gateway

Similar Messages

• Logging into APEX through Oracle XML DB HTTP Server and Embedded PL/SQL

  Hi,
  I have just finished installing Apex 3.0 on RHEL 4. I am not using HTTP Server, but Embedded PL/SQL. When I go to the page administrator page http://host:8080/pls/apex/apex_admin a prompt pops up and when I give the username as "admin" and the password then it doesn't log me in. I ran the apxconf.sql script and reset the admin password and it is still not letting me log in.
  Please advise

  Unfortunately, using the pl/sql gateway is not yet supported. The documentation should be more clear about that.
  You'll need to use the HTTP server.
  See FAQ #8:
  http://www.oracle.com/technology/products/database/application_express/html/3.0_fsps.html#08

• Enable SSL/https on ApEx Embedded PL/SQL Gateway/11g?

  Hi,
  I'm a newbie to ApEx. And I notice that most of ApEx applications are run on "http" instead of "https". Aren't you concerned about its security? What's your take on SSL/https with ApEx?
  I understand that it takes several steps to set it up on Oracle HTTP Apache server (ie: set up Oracle Wallet Manager, go to a certificate authority to get obtain a certificate, configure Oracle HTTP Server...etc). But does it work on Embedded PL/SQL Gateway (ie: runs XML DB HTTP instead of a separet Apache web server)?
  Any experience/suggestions/ideas?
  Thanks much,
  Helen

  Here is the Oracle documentation:
  [http://download-uk.oracle.com/docs/cd/B19306_01/appdev.102/b14259/xdb22pro.htm#CHDCAHDH]
  Here is a little more friendly post:
  [http://wiki.shellprompt.net/bin/view/Apex/SSLandAPEXxdbHttp?TWIKISID=6fa6f4a0bbb698921c333d6d0c859970]
  Friendly post originally from:
  Can the embedded PL/SQL gateway handle SSL?
  -Richard

• SSL on ORACLE XE APEX 4 EMBEDDED PL/SQL GATEWAY

  Hello
  Can somebody explain how to configure SSL for oracle xe apex 4.0 on windows server step by step from begining to end? I've tried different examples, but I failed to make.
  Thank you!

  Hi,
  I found this post. It might help you
  Oracle 11g, APEX 3.0.1, dbms_epg and SSL - is this possible?
  Regards,
  Jari

• Can I change from Embedded PL/SQL Gateway to Oracle HTTP Server/Apache?

  Hi everyone
  Can I change a running installation of Oracle 10.2.0 Application Express 3.2.1.00.10 to move away from the Embedded PL/SQL Gateway on to the Oracle HTTP Apache server? I'd like the change to be as transparent as possible to avoid an outage if I can. Do I need to reinstall everything and just import a backup or is there a way to switch between the http servers? I couldn't find anything on "switching" in the User's guide, so I was hoping one of you may have successfully tried this.
  Many thanks for your help!
  m.

  It should be straight forward with a very small downtime. Test on dev system before interrupting the prod system.
  1. Install OHS
  2. Configure OHS
  3. Configure the mod_plsql plugin
  4. Stop the Embedded PL/SQL Gateway
  Let the users know about the new URL.
  All the above steps are documented in the docs.
  -Andy

• Oracle Http server 11g, change ports with command-line tool

  I have installed the WLS11g webtier's Oracle Http server 11g. I installed the OH 11g only.
  The OH is runing fine with ports: non-ssl 7779 and ssl 4444
  I want to change the ssl port to 443 such that we can have the url without showing the port as https://hostname.domain/
  I have looked up the documnet http://download.oracle.com/docs/cd/E15523_01/core.1111/e10105/ports.htm#CIHJIFHB for "managing port".
  it states "You can change the port numbers for some Oracle Fusion Middleware components, using Fusion Middleware Control, Oracle WebLogic Server Administration Console, or *the command line*."
  Because I only installed the OH, I have no the Fusion Middleware control , admin console available for making the port change. And I cannot find out how to the command line tool to make the change.
  I followed the steps in section 5.3.2.1 Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX Only) http://download.oracle.com/docs/cd/E15523_01/core.1111/e10105/ports.htm#CIHJEEJH
  And I did edit ssl.conf for port change to 443 ---- this is not documented in the document. I think because Oracle wants you to use the console to make the change.
  OH is not working after I made the change.
  Does anyone know how to use the commend line tool for making the port changes for OH11g?
  Thanks

  Hi,
  if u want to achieve it using JMX then u can try :
  http://middlewaremagic.com/weblogic/?p=613
  Using Command Line Option WLST you can do it in ONLINE Mode...like:
  Step1). Please run the ". ./setWLSEnv.sh" script to set the CLASSPATH & PATH in the shell prompt.
  <b><font color=red>NOTE:</font></b> Run the “setWLSEnv.sh” by adding two DOTs separated by a single space …..before the actual script like following : (use ‘cd’ command to move inside the <BEA_HOME>/wlserver_10.3/server/bin) then run the following command….
  *. ./setWLSEnv.sh*
  Note: the first DOT represents that set the Environment in the current Shell, AND the second ./ represents execute the script from the current directory.
  Step2). Now in the same Shell Prompt please run the WLST Utility like following:
  <b><font color=maroon>
  java weblogic.WLST
  wls:/offline> connect()
  Please enter your username [weblogic] : weblogic
  Please enter your password [weblogic] : weblogic
  Please enter your server URL [t3://localhost:7001] : t3://localhost:7001
  Connecting to t3://localhost:7001 with userid weblogic ...
  edit()
  startEdit()
  cd ('Servers/AdminServer')
  cmo.setListenPort(9999)
  save()
  activate()
  </font></b>
  Now you NEED NOT to restart your Server to reflact these Changes....
  The Above JMX Code is also able to do it in Runtime only on the Fly.
  Thanks
  Jay SenSharma
  http://middlewaremagic.com/weblogic (Middleware Magic Is Here)

• Using an Oracle Directory as DocumentRoot in Oracle Http Server

  Hello,
  ¿Is it possible that OHS(Oracle Http Server) use an Oracle Directory(directory object in database) as its DocumentRoot? The idea behind that is put the web application's files in Oracle Directories for easily make updates and versioning.
  Thank you very much for your help in advance.

  Thanks Gary , Your reply is perfectly correct ,
  I have verified the same with ETL data lineage guide ,
  The Columns that match to the MCAL_CAL_NAME~MCAL_PERIOD_TYPE
  MCAL_CAL_NAME = GL_PERIODS.PERIODS_SET_NAME
  MCAL_PERIOD_TYPE = GL_PERIODS.PERIOD_TYPE
  Query for same to get from EBS Source will be
  select period_set_name , period_type From gl_periods ;
  Thanks For Help !!
  Regards
  Neeraj Saini

• How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP server

  In 9iAS 9.0.2 Oracle HTTP Server (OHS) is pre-configured to assign requests to the Home OC4J instance via the URL-prefix "/j2ee"/
  For example, the TEST servlet under OC4J would be passed through OHS using:
  http://urmachine:urApachePort/j2ee/TEST
  whereas in the standlone OC4J version, this URL works:
  http://urmachine:urOC4JPort/TEST
  How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP Server?

  It is getting the url prefix from mod_oc4j.conf
  under /ora9ias/Apache/Apache/conf
  You can read more on this at
  http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/web.902/a92173/confmods.htm#1008977
  -Prasad

• Changes in webservices while migrating from Oracle App Server to WebLogic

  Dear All,
  I am developing webservices for a external users.
  I am new to webservices.
  We were using Oracle Application server to deploy the webservices.
  The architecture was as mentioned below
  1) A interface class
  2) A Implementation class for the above interface class
  Now we are planning to migrate from Oracle application server to Weblogic Application server.
  I have few doubts about the migration,
  1) Will there be any difference between Oracle specific WSDL and WSDL created by Weblogic ant build command
  2) As our external parties are referring our SOAP requests ans responses for their implementation, i am concerned about the changes in the SOAP request and response formats. Will there be changes due to application server change?
  Oracle app server - Oracle 10g application server version 9.0.4.0
  Weblogic appl server - Weblogic application server version 10.3.0.0

  Now after creating the WSDL by Weblogic workshop. The previous request XML is not working.
  Can someone help soving the below query.
  We are in process of upgrading the Oracle 10g application server version 9.0.4.0 to Weblogic application server version 10.3.0.0. In the old application server we were using axis specific jars to create the WSDL for the webservices. There are so many third party applications which are accessing our webservices, so we can not change the wsdl, clients accessiong the webservices and the corresponding formats of request and response xml messages. So we need to deploy the same wsdl and for the same we need to deploy axis on to weblogic 10.3. Can you please help us regarding the same.
  Qns
  1 - If we can deploy the axis on to the Weblogic 10.3
  2 - Can we use the same WSDL in the Weblogic server too.
  3 - If we use the same WSDL, will it help us to keep the client accessing the webservices, the request xml format, response XML format the same as it is with Oracle 10g application server case.
  4 - Please share how to deploy axis on to the Weblogic 10.3 application server.
  5 - Please share how we can create EARs that can be deployed on the webserver using axis specific jars.
  Thanks and Regards
  Manoj

• Weblogic certificate is not being authenticated in Oracle HTTP Server

  I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy is switches to the url to weblogic but I get the following error on the OHS side:
  [2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
  [2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
  [2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
  [2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
  And the following error on the weblogic side:
  ####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
  Here is my ssl.conf from OHS:
  # Oracle HTTP Server mod_ossl configuration file: ssl.conf #
  # OHS Listen Port
  Listen 443
  <IfModule ossl_module>
  ## SSL Global Context
  ## All SSL configuration in this context applies both to
  ## the main server and all SSL-enabled virtual hosts.
  # Some MIME-types for downloading Certificates and CRLs
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  # Pass Phrase Dialog:
  # Configure the pass phrase gathering process.
  # The filtering dialog program (`builtin' is a internal
  # terminal dialog) has to provide the pass phrase on stdout.
  SSLPassPhraseDialog builtin
  # Inter-Process Session Cache:
  # Configure the SSL Session Cache: First the mechanism
  # to use and second the expiring timeout (in seconds).
  SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
  SSLSessionCacheTimeout 300
  # Semaphore:
  # Configure the path to the mutual exclusion semaphore the
  # SSL engine uses internally for inter-process synchronization.
  <IfModule mpm_winnt_module>
  SSLMutex "none"
  </IfModule>
  <IfModule !mpm_winnt_module>
  SSLMutex pthread
  </IfModule>
  ## SSL Virtual Host Context
  <VirtualHost *:443>
  <IfModule ossl_module>
  # SSL Engine Switch:
  # Enable/Disable SSL for this virtual host.
  SSLEngine on
  # Client Authentication (Type):
  # Client certificate verification type and depth. Types are
  # none, optional and require.
  SSLVerifyClient none
  # SSL Cipher Suite:
  # List the ciphers that the client is permitted to negotiate.
  SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
  # SSL Certificate Revocation List Check
  # Valid values are On and Off
  SSLCRLCheck Off
  #Path to the wallet
  SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
  <FilesMatch "\.(cgi|shtml|phtml|php)$">
  SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
  SSLOptions +StdEnvVars
  </Directory>
  BrowserMatch ".*MSIE.*" \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
  </IfModule>
  <IfModule proxy_module>
  ProxyRequests Off
  <Proxy *>
  Order deny,allow
  Allow from all
  </Proxy>
  # Path to the wallet
  SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
  SSLProxyEngine on
  SSLProxyVerify none
  # ottest : denovm11-1
  ProxyPass /test https://abc.us.oracle.com:7001/test
  ProxyPassReverse /test https://abc.us.oracle.com:7001/test
  </IfModule>
  </VirtualHost>
  </IfModule>
  On the OHS side I have all the certificates needed so SSL is working properly. The weblogic environment is currently working fine with other webgates, but those are apache and we are trying to switch to OHS.
  Can OHS use mod_proxy to connect to weblogic or do I need to use mod_wl_ohs?
  Does anyone see anything wrong in my ssl.conf file in regards to the proxy section.
  Thanks in advance.

  In summary:
  You need to create a new wallet with CSR (certificate signing req)
  Send this to your certificate authority and get the signed server certificate.
  Now import the signed server cert and the trusted root cert in to the wallet that you created newly.
  Modify ssl.conf to point to the new wallet location.
  To create wallet refer to : http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
  Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
  Dont mind if this doc is 500 pages ;)

• Oracle HTTP Server

  Sir,
  I once again facing problem of HTTP Server it again not started the file contain the following entries where didn't show any duplicate entries but HTTP server couldn't start please help me.
  Oracle Appachae file contain following entries
  # Advanced Queuing - AQ XML
  include "H:\oracle\ora92\rdbms\demo\aqxml.conf"
  include "H:\oracle\ora92\xdk\admin\xml.conf"
  include "H:\oracle\ora92\Apache\modplsql\cfg\plsql.conf"
  include "H:\oracle\ora92\Apache\jsp\conf\ojsp.conf"
  include "H:\oracle\ora92\sqlplus\admin\isqlplus.conf"
  include "H:\oracle\ora92/oem_webstage/oem.conf"
  oracle isqlplus.conf contain following entries
  # Copyright (c) 2001, 2002, Oracle Corporation. All rights reserved.
  # NAME
  # isqlplus.conf
  # PURPOSE
  # Oracle HTTP Server directives for the iSQL*Plus server
  # USAGE
  # This file should be included in the Oracle HTTP Server
  # "oracle_apache.conf" file.
  # Enable handling of all virtual paths beginning with "/iplus/"
  # Note: only /iplus/ is mapped, /iplus is not being mapped
  <IfModule mod_alias.c>
  Alias /iplus/ "H:\oracle\ora92\sqlplus\admin\iplus/"
  # Disallow users from trying to access /iplus/ directory listing
  <Directory "H:\oracle\ora92\sqlplus\admin\iplus">
  AllowOverride None
  Options FollowSymLinks
  Order deny,allow
  Allow from all
  </Directory>
  </IfModule>
  # Maps all virtual paths beginning with "/isqlplus*" to the iSQL*Plus
  # FastCGI application
  <IfModule mod_alias.c>
  ScriptAliasMatch ^/isqlplus(.*) H:\oracle\ora92\bin\isqlplus
  ScriptAliasMatch ^/isqlplusdba(.*) H:\oracle\ora92\bin\isqlplus
  <Directory "H:\oracle\ora92\bin">
  AllowOverride None
  Options FollowSymLinks
  Order deny,allow
  Allow from all
  </Directory>
  </IfModule>
  # Enable handling of all virtual paths beginning with "/isqlplus"
  <Location /isqlplus>
  SetHandler fastcgi-script
  Order deny,allow
  # Comment "Allow ..." and uncomment the four lines "AuthType ..."
  # to "Require ..." if Oracle HTTP authentication access is required
  # for the http://.../isqlplus URL
  Allow from all
  #AuthType Basic
  #AuthName 'iSQL*Plus'
  #AuthUserFile H:\oracle\ora92\sqlplus\admin\iplus.pw
  #Require valid-user
  </Location>
  # Enable handling of all virtual paths beginning with "/isqlplusdba".
  # Note: Oracle HTTP authentication access must be configured to
  # prevent unauthorized users performing DBA operations on
  # the database
  # Use the HTTP server utility script "htpasswd" to add users to the
  # "iplusdba.pw" file.
  <Location /isqlplusdba>
  SetHandler fastcgi-script
  Order deny,allow
  AuthType Basic
  AuthName 'iSQL*Plus DBA'
  AuthUserFile H:\oracle\ora92\sqlplus\admin\iplusdba.pw
  Require valid-user
  </Location>
  # Setup the iSQL*Plus FastCGI application.
  <IfModule mod_fastcgi.c>
  FastCgiServer H:\oracle\ora92\bin\isqlplus -port 8228 -initial-env iSQLPlusNumberOfThreads=20 -initial-env iSQLPlusTimeOutInterval=30 -initial-env iSQLPlusLogLevel=off -initial-env iSQLPlusAllowUserEntMap=none -idle-timeout 3600
  </IfModule>

  I once again facing problem of HTTP Server it again not startedWhat error do you get? What OS are you using? Which release
  and version of Oracle are you using? What debugging steps have you
  alread tried and what results did they give you?
  -- CJ

• Implementing SSL in Apex3.2.1 using Oracle HTTP Server 11.2g

  Could anyone please point me at any up-to-date documentation that deals with implementing SSL on Apex3.2.1 and 11.2g Standard One Oracle HTTP Server or something close.
  I'm using Windows 7 with Browser, HTTP Server and database all on the same machine for testing purposes.
  I have done the following from what I have found so far:
  In Oracle Wallet Manager I have created a Certificate Request, sent that to a CA and then imported the Trial SSL Certficate, Trial Secure Server Intermediate CA and Test CA Root Certificate from the CA.
  I have updated Apex Admin Services/Manage Service/Instance Settings/Wallet with
  file:directory-path and wallet password.
  I rebooted the machine to restart all the services, in case I missed any.
  However when I change the url from http to https and this is the only change I make then page not found appears. It maybe I need to change the port or some conf files but I'm not sure.
  Thanks
  dfrost

  There is also DRM and Strategic Finance that use IIS, here is the oracle doc on it http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_start_here_11121/ch06s03s02.html
  Cheers
  John
  jgblog

• Set up Oracle HTTP Server  for a particular IP address

  How do I set up Oracle HTTP Server to allow access control based on a particular IP address to certain CGI Scripts if a site is a local site?
  I have tried this in httpd.conf file but it does not restrict a particular IP address (say 10.1.2.4) in my home network (consists of 3 PCs). 10.1.2.3 is the IP address of node where OHS is installed. I access my OHS from client like this http://10.1.2.3:7777/cgi-bin/printenv
  ScriptAlias /cgi-bin/ "C:\oracle_home\Apache\Apache\cgi-bin/"
  <Directory C:\oracle_home\Apache\Apache\cgi-bin>
  AllowOverride None
  Options None
  Order Deny,Allow
  Deny from all
  Allow from 10.1.2.3
  </Directory>
  Note: - I have not made any changes in the default configuration of OHS.
  Any help for a student like me will be highly appreciated.
  Regards
  Rajesh Kumar

  No the idea is not to disable the signature. The reason why I wanted you to locate the specific block/deny was to make it easier to fix it. I would still recommend to use the Event Action Filters only to exclude the host and not disable the signature altogether.
  That said, there are some signatures that "according to the documentation" cannot be excluded using event actions like Sweep signatures. These signatures have a field for Source/Dest IP built-in to exclude specific hosts. HOwever to be honest I could get event actions to work perfectly with event actions on our customers ;), so it could be an old restriction still mentioned in the docs.
  Lastly, you only disable a signature when you are absolutely sure that you are not running the Software/Application/Service on your network. For example on one customer we would frequently get VPN 3000 COnc. HTTP attack signatures fired for internet traffic, and since there is no chance to add any VPN3k on this network (its already End of Sale), I disabled this signature.
  Regards
  Farrrukh

• Installation of the VeriSign digital certification in Oracle HTTP Server

  I am not obtaining to generate to the pair of keys and the CSR in Oracle HTTP Server, will have some tip I is thankful.
  Thanks
  Leandro

  Hi Leandro,
  Here are some steps to setup digital certificates into Oracle HTTP Server for Unix.
  1. The temporary working directory is /u01/tmp/myssl.
  2. The contents of <9iAS_HOME>/Apache/open_ssl/bin have been copied to the
  temporary working directory created in Assumption #1.
  3. SSL file names are priv.key (private key), certreq.csr (certificate request),
  and cert.crt (SSL certificate). The actual SSL certificate file could be
  named other than 'cert.crt'.
  4. By default, SSL is configured using port 443, which requires ROOT access to
  start the web listener.
  If you want to change this from the default port, you will need to change
  the following two parameters in the httpd.conf file to an unused port number:
  Listen 443
  <VirtualHost default:443>
  5. All necessary UNIX environment variables are set correctly for your Oracle
  product before implementing these procedures.
  6. User must be familiar with UNIX concepts like shell navigation, UNIX
  environments, file manipulation/search, file copy/backups, etc.
  How to Request and Configure an SSL Certificate for Oracle9i Application Server
  Step-by-Step Instructions:
  1. Change your present working directory to the temporary working directory, e.g.,
  /u01/tmp/myssl. Ensure the contents of <9iAS_HOME>/Apache/open_ssl/bin have
  been copied into this temporary working directory.
  2. Copy 5 large files, each at least 250KB, into your temporary working directory.
  Suggest looking in any /bin directory for large sized binary files. Execute
  the following command to generate the random character file:
       % openssl md5 * > rand.rnd
  3. Execute the following command to generate the private key (priv.key):
  % openssl genrsa -rand rand.rnd -des3 1024 > priv.key
       - when prompted, enter a "PEM pass phrase" password
       - re-enter password when prompted to verify password
       -- remember the pass phrase password you entered
       - this command generates the priv.key file and associated pass phrase
       - set permissions on the priv.key file to prevent unauthorized editing
       % chmod 400 priv.key
       - backup the priv.key file to a secure location
  NOTE
  The PEM pass phrase must be at least 4 characters in length. Remember this
  pass phrase, you will be prompted to enter it in the next step and each
  time you start up the Oracle HTTP Server (OHS) in SSL mode.
  Optionally, you can unencrypt the value of the private key, so that you
  will not be prompted for the PEM pass phrase every time you start up OHS
  in SSL mode.
  To unencrypt the private key, execute the following two commands (Note:
  ensure file permissions set to r+w):
       % cp priv.key priv.key.bak
       % openssl rsa -in priv.key.bak -out priv.key
  - the demo certificate shipped with Oracle9iAS does not require a pass
  phrase to start OHS in SSL mode.
  - on UNIX, to generate the certificate request and start OHS in SSL mode,
  the pass phrase must be entered, unless you executed the above steps
  to unencrypt.
  - on Windows NT/2000, if a certificate is used that has a pass phrase,
  the OHS will hang; therefore, on Windows NT/2000, you must execute
  the steps to unencrypt.
  4. Execute the following command to generate an SSL certificate request
  (certreq.csr) based on your private key.
       % openssl req -new -key priv.key -out certreq.csr -config openssl.cnf
       - when prompted, enter the "PEM pass phrase" set when the private key
  was created.
       - when prompted, enter the requested fields that make up the
  Distinguished Name.
       -- each entry must be valid information, i.e., email, state, location, etc.
       - when prompted for the "Common Name", you MUST enter the fully
  qualified name which will be accessed via client browsers; e.g.,
  if clients will use:
  https://mysite.domain.com
       -- then, you must enter mysite.domain.com as the "Common Name"
       - the requested 'extra' attributes, i.e., "challenge password" and
  "optional company name", are OPTIONAL; just hit ENTER to use NULL values.
  5. You should now have the private key and certificate request files (priv.key
  and certreq.csr) in your temporary working directory.
  NOTE
  At this point, you can use your certificate request file 'certreq.csr' to
  order a valid SSL certificate from any CA-vendor, e.g., Verisign.
  After you receive your SSL certificate, skip to Step #6 for instructions
  on how to deploy your SSL files.
  OPTIONAL
  You can start 9iAS in SSL mode (see Step #12) and test the pre-installed demo
  certificate and private key included for testing purposes.
  It is a good idea to test to be sure the Oracle HTTP Server SSL mode works
  successfully before deploying your new SSL certificate. To try these demo
  files, access the 9iAS index page in a browser using the HTTPS protocol and
  the appropriate SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  The user will see a Security Alert (IE), or New Site Certificate (Netscape)
  warning message, click Continue/Next to accept.
  OPTIONAL
  To create a self-signed certificate, execute the following commands:
  (csh) % setenv RANDFILE rand.rnd
  <sh or ksh> % export RANDFILE=rand.rnd
  % openssl x509 -req -days 30 -in certreq.csr -signkey priv.key > tempcert.crt
  - when prompted, enter the "PEM pass phrase" set when the private key was created.
  - this command generates a temporary self-signed certificate file 'tempcert.crt'
  valid for 30 days, which can be used while awaiting a valid SSL certificate
  purchased from an authorized CA-vendor.
  - if this option is used, after generating the 'tempcert.crt' file, skip to
  Step #6 for instructions on how to deploy your SSL files.
  OPTIONAL
  These steps are specifically for requesting a TRIAL certificate from the
  CA-vendor Verisign.
  - Go to www.verisign.com and click on "Free Guides and Trials" link and
  follow instructions to request a "Free Trial SSL ID". During this process,
  you will be asked to provide certificate request information.
  - Open the 'certreq.csr' file using your text editor of choice.
  - Starting with "-----BEGIN NEW CERTIFICATE REQUEST-----" copy all lines
  including the BEGIN and END of certificate lines.
  - Paste this copied data into the Verisign page where requested and continue.
  - You will see the Verisign web site decode your certificate request
  information. This decoded information is presented to you to verify it is
  correct. If it is, then continue with the process.
  - You will be presented with another set of questions from Verisign. Be sure
  to answer with the correct email address, as this address will be used to
  send your SSL certificate.
  - After you answer all these questions, you will be sent a TRIAL 14-day
  SSL certificate via email.
  - WARNING! You must follow this step carefully, you cannot copy and paste
  information from an email to a new text file. After you get your TRIAL
  certificate, save the entire email message to a text file. Open this file
  using your text editor of choice. You will see the email address header
  information and the line:
  -----BEGIN CERTIFICATE-----
  - Delete all text that appears before the -----BEGIN CERTIFICATE----- line.
  The modified file should contain only certificate information. After you
  delete the email header, save this text file inside your temporary directory
  with the filename 'trialcert.crt'.
  6. Now you are ready to configure Oracle9i Application Server (9iAS) with your
  SSL certificate files.
  7. Back up your existing <9iAS_HOME>/Apache/Apache/conf/httpd.conf file.
  8. Open the httpd.conf file with your text editor of choice.
  9. Edit the following httpd.conf directives to use your generated private key
  and SSL certificate file, which could be the filename for either the
  temporary self-signed certificate, the TRIAL test certificate, or the
  purchased valid certificate. The information following the # symbol are
  comments.
  NOTE
  The directory of the SSL files (private key and certificate file)
  can reside in any location you choose. The temporary working
  directory will continue to be referenced in these procedure steps.
  # use the appropriate (i.e., valid, temporary, or trial) certificate filename
  SSLCertificateFile /u01/tmp/myssl/tempcert.crt
  #private key from Step #4 above:
  SSLCertificateKeyFile /u01/tmp/myssl/priv.key
  10. Save your modified httpd.conf and exit the text editor.
  11. Log in as authorized user (if default ports 80 and 443 are used, ROOT user
  must execute commands in next step).
  12. Execute the following command to stop, then start Apache in SSL mode
  (ensure proper UNIX environments are set; else, execute command from
  <9iAS_HOME>/Apache/Apache/bin.)
  For Oracle8iAS 1.x:
  % httpdsctl stop
  % httpdsctl startssl
  For Oracle9iAS 1.0.2.x:
  % apachectl stop
  % apachectl startssl
  - when prompted, enter the "pass phrase" created in Step #3.
  -- not required if you unencrypted the private key file
  - when the Oracle HTTP Server starts successfully in SSL mode, access the
  9iAS index page in a browser using the HTTPS protocol and the appropriate
  SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  - if using a temporary self-signed or TRIAL test certificate, the user will
  see a Security Alert (IE), or New Site Certificate (Netscape) warning message,
  click Continue/Next to accept.
  ====================
  I hope this help !!
  Ilan Salviano

• Facing problem in installing oracle http server

  hi,
  i am trying to install oracle http server from companion cd (oracle 10g) but facing this error
  /Apache/Apache/bin/httpd: error while loading shared libraries: libdb.so.2: cannot open shared object file: No such file or directory.
  i don't know what to do.
  plz help

  Hi,
  there are other posts on this but try an install of the gnome-libs package on the server. It is possible to install a more recent version than 1.4.1.2.90-34.1.i386.
  Mike