Virtual Directory Change from Oracle HTTP Server to Embedded PL/SQL Gateway
We finally upgraded from htmldb 1.6 to ApEx 3.1.2 late last year. This was in conjunction with setting up a new server and installing Oracle 11g DB, while our production DB is still 10g. During this install, I opted for the Embedded PL/SQL Gateway, whereas our htmldb is running with the Oracle HTTP Server.
During the conversion of one of our applications I learned that Virtual Directory references to #IMAGE_PREFIX# are no longer valid for custom CSS so I had to change an entry in the page templates that I'm using to use #WORKSPACE_IMAGES#. Now I am importing another application from our htmldb 1.6 environment to our ApEx 3.1.2 environment, and I have a new problem that I think is related.
In this application we have been uploading report files for outside users to be able to download at their convenience. I think the upload is working OK, but when I try to download the report file I get the following:
Not found
The requested URL /apex/IMR.ofile was not found on this server.
The download is accomplished with a link on an SQL Report region. The Column Link info is:
Link Text = <img src="#IMAGE_PREFIX#edit_big.gif" border="0" alt="Icon 1">
Target = URL
URL = #OWNER#.ofile?p_file=#VIEW_REPORT#&v_auth=&APP_USER.
When I change the Link Text to <img src="#WORKSPACE_IMAGES#edit_big.gif" border="0" alt="Icon 1"> I lose the Edit Icon image. However, what I'm really concerned about is the URL not found error.
Now, maybe I'm barking up the wrong tree, so if the problem isn't related to virtual directories, which tree should I be barking up?
Any suggestion?
Thanks,
Gregory
Is the IMR.ofile a custom package for downloading files? If so, you might need to add it to the wwv_flow_epg_include_mod_local function.
I am not certain how this function also plays into the embedded pl/sql gateway, but do know it would affect this running through Oracle HTTP server when configured with the before proc.
With the embedded gateway it may very well be that you need to add this package into the ACL for outside availability.
Similar Messages
-
Logging into APEX through Oracle XML DB HTTP Server and Embedded PL/SQL
Hi,
I have just finished installing Apex 3.0 on RHEL 4. I am not using HTTP Server, but Embedded PL/SQL. When I go to the page administrator page http://host:8080/pls/apex/apex_admin a prompt pops up and when I give the username as "admin" and the password then it doesn't log me in. I ran the apxconf.sql script and reset the admin password and it is still not letting me log in.
Please advise
Unfortunately, using the pl/sql gateway is not yet supported. The documentation should be more clear about that.
You'll need to use the HTTP server.
See FAQ #8:
http://www.oracle.com/technology/products/database/application_express/html/3.0_fsps.html#08 -
Enable SSL/https on ApEx Embedded PL/SQL Gateway/11g?
Hi,
I'm a newbie to ApEx. And I notice that most of ApEx applications are run on "http" instead of "https". Aren't you concerned about its security? What's your take on SSL/https with ApEx?
I understand that it takes several steps to set it up on Oracle HTTP Apache server (ie: set up Oracle Wallet Manager, go to a certificate authority to obtain a certificate, configure Oracle HTTP Server...etc). But does it work on Embedded PL/SQL Gateway (ie: runs XML DB HTTP instead of a separate Apache web server)?
Any experience/suggestions/ideas?
Thanks much,
Helen
Here is the Oracle documentation:
[http://download-uk.oracle.com/docs/cd/B19306_01/appdev.102/b14259/xdb22pro.htm#CHDCAHDH]
Here is a little more friendly post:
[http://wiki.shellprompt.net/bin/view/Apex/SSLandAPEXxdbHttp?TWIKISID=6fa6f4a0bbb698921c333d6d0c859970]
Friendly post originally from:
Can the embedded PL/SQL gateway handle SSL?
-Richard -
SSL on ORACLE XE APEX 4 EMBEDDED PL/SQL GATEWAY
Hello
Can somebody explain how to configure SSL for oracle xe apex 4.0 on windows server step by step from beginning to end? I've tried different examples, but I failed to make.
Thank you!
Hi,
I found this post. It might help you
Oracle 11g, APEX 3.0.1, dbms_epg and SSL - is this possible?
Regards,
Jari -
Can I change from Embedded PL/SQL Gateway to Oracle HTTP Server/Apache?
Hi everyone
Can I change a running installation of Oracle 10.2.0 Application Express 3.2.1.00.10 to move away from the Embedded PL/SQL Gateway on to the Oracle HTTP Apache server? I'd like the change to be as transparent as possible to avoid an outage if I can. Do I need to reinstall everything and just import a backup or is there a way to switch between the http servers? I couldn't find anything on "switching" in the User's guide, so I was hoping one of you may have successfully tried this.
Many thanks for your help!
m.
It should be straightforward with a very small downtime. Test on dev system before interrupting the prod system.
1. Install OHS
2. Configure OHS
3. Configure the mod_plsql plugin
4. Stop the Embedded PL/SQL Gateway
Let the users know about the new URL.
All the above steps are documented in the docs.
-Andy -
Oracle Http server 11g, change ports with command-line tool
I have installed the WLS11g webtier's Oracle Http server 11g. I installed the OH 11g only.
The OH is running fine with ports: non-ssl 7779 and ssl 4444
I want to change the ssl port to 443 such that we can have the url without showing the port as https://hostname.domain/
I have looked up the document http://download.oracle.com/docs/cd/E15523_01/core.1111/e10105/ports.htm#CIHJIFHB for "managing port".
it states "You can change the port numbers for some Oracle Fusion Middleware components, using Fusion Middleware Control, Oracle WebLogic Server Administration Console, or *the command line*."
Because I only installed the OH, I do not have the Fusion Middleware Control or admin console available for making the port change. And I cannot find out how to use the command line tool to make the change.
I followed the steps in section 5.3.2.1 Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX Only) http://download.oracle.com/docs/cd/E15523_01/core.1111/e10105/ports.htm#CIHJEEJH
And I did edit ssl.conf for port change to 443 ---- this is not documented in the document. I think because Oracle wants you to use the console to make the change.
OH is not working after I made the change.
Does anyone know how to use the command line tool for making the port changes for OH11g?
Thanks
Hi,
if u want to achieve it using JMX then u can try :
http://middlewaremagic.com/weblogic/?p=613
Using Command Line Option WLST you can do it in ONLINE Mode...like:
Step1). Please run the ". ./setWLSEnv.sh" script to set the CLASSPATH & PATH in the shell prompt.
NOTE: Run the “setWLSEnv.sh” by adding two DOTs separated by a single space before the actual script like following: (use ‘cd’ command to move inside the <BEA_HOME>/wlserver_10.3/server/bin) then run the following command:
. ./setWLSEnv.sh
Note: the first DOT represents that set the Environment in the current Shell, AND the second ./ represents execute the script from the current directory.
Step2). Now in the same Shell Prompt please run the WLST Utility like following:
java weblogic.WLST
wls:/offline> connect()
Please enter your username [weblogic] : weblogic
Please enter your password [weblogic] : weblogic
Please enter your server URL [t3://localhost:7001] : t3://localhost:7001
Connecting to t3://localhost:7001 with userid weblogic ...
edit()
startEdit()
cd ('Servers/AdminServer')
cmo.setListenPort(9999)
save()
activate()
Now you NEED NOT to restart your Server to reflect these Changes....
The Above JMX Code is also able to do it in Runtime only on the Fly.
Thanks
Jay SenSharma
http://middlewaremagic.com/weblogic (Middleware Magic Is Here) -
Using an Oracle Directory as DocumentRoot in Oracle Http Server
Hello,
Is it possible that OHS (Oracle Http Server) use an Oracle Directory (directory object in database) as its DocumentRoot? The idea behind that is to put the web application's files in Oracle Directories to easily make updates and versioning.
Thank you very much for your help in advance.
Thanks Gary , Your reply is perfectly correct ,
I have verified the same with ETL data lineage guide ,
The Columns that match to the MCAL_CAL_NAME~MCAL_PERIOD_TYPE
MCAL_CAL_NAME = GL_PERIODS.PERIODS_SET_NAME
MCAL_PERIOD_TYPE = GL_PERIODS.PERIOD_TYPE
Query for same to get from EBS Source will be
select period_set_name , period_type From gl_periods ;
Thanks For Help !!
Regards
Neeraj Saini -
How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP server
In 9iAS 9.0.2 Oracle HTTP Server (OHS) is pre-configured to assign requests to the Home OC4J instance via the URL-prefix "/j2ee"/
For example, the TEST servlet under OC4J would be passed through OHS using:
http://urmachine:urApachePort/j2ee/TEST
whereas in the standalone OC4J version, this URL works:
http://urmachine:urOC4JPort/TEST
How to get rid of /j2ee prefix from URL when I use the OC4J via Oracle HTTP Server?
It is getting the url prefix from mod_oc4j.conf
under /ora9ias/Apache/Apache/conf
You can read more on this at
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/web.902/a92173/confmods.htm#1008977
-Prasad -
Changes in webservices while migrating from Oracle App Server to WebLogic
Dear All,
I am developing webservices for a external users.
I am new to webservices.
We were using Oracle Application server to deploy the webservices.
The architecture was as mentioned below
1) A interface class
2) A Implementation class for the above interface class
Now we are planning to migrate from Oracle application server to Weblogic Application server.
I have few doubts about the migration,
1) Will there be any difference between Oracle specific WSDL and WSDL created by Weblogic ant build command
2) As our external parties are referring our SOAP requests and responses for their implementation, I am concerned about the changes in the SOAP request and response formats. Will there be changes due to application server change?
Oracle app server - Oracle 10g application server version 9.0.4.0
Weblogic appl server - Weblogic application server version 10.3.0.0
Now after creating the WSDL by Weblogic workshop. The previous request XML is not working.
Can someone help solving the below query.
We are in process of upgrading the Oracle 10g application server version 9.0.4.0 to Weblogic application server version 10.3.0.0. In the old application server we were using axis specific jars to create the WSDL for the webservices. There are so many third party applications which are accessing our webservices, so we can not change the wsdl, clients accessing the webservices and the corresponding formats of request and response xml messages. So we need to deploy the same wsdl and for the same we need to deploy axis on to weblogic 10.3. Can you please help us regarding the same.
Qns
1 - If we can deploy the axis on to the Weblogic 10.3
2 - Can we use the same WSDL in the Weblogic server too.
3 - If we use the same WSDL, will it help us to keep the client accessing the webservices, the request xml format, response XML format the same as it is with Oracle 10g application server case.
4 - Please share how to deploy axis on to the Weblogic 10.3 application server.
5 - Please share how we can create EARs that can be deployed on the webserver using axis specific jars.
Thanks and Regards
Manoj -
Weblogic certificate is not being authenticated in Oracle HTTP Server
I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy switches to the url to weblogic but I get the following error on the OHS side:
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
And the following error on the weblogic side:
####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
Here is my ssl.conf from OHS:
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
# OHS Listen Port
Listen 443
<IfModule ossl_module>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
## SSL Virtual Host Context
<VirtualHost *:443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient none
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule proxy_module>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Path to the wallet
SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
SSLProxyEngine on
SSLProxyVerify none
# ottest : denovm11-1
ProxyPass /test https://abc.us.oracle.com:7001/test
ProxyPassReverse /test https://abc.us.oracle.com:7001/test
</IfModule>
</VirtualHost>
</IfModule>
On the OHS side I have all the certificates needed so SSL is working properly. The weblogic environment is currently working fine with other webgates, but those are apache and we are trying to switch to OHS.
Can OHS use mod_proxy to connect to weblogic or do I need to use mod_wl_ohs?
Does anyone see anything wrong in my ssl.conf file in regards to the proxy section.
Thanks in advance.
In summary:
You need to create a new wallet with CSR (certificate signing req)
Send this to your certificate authority and get the signed server certificate.
Now import the signed server cert and the trusted root cert in to the wallet that you created newly.
Modify ssl.conf to point to the new wallet location.
To create wallet refer to : http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
Don't mind if this doc is 500 pages ;) -
Sir,
I am once again facing a problem with HTTP Server: it again did not start. The file contains the following entries, which don't show any duplicate entries, but HTTP server couldn't start. Please help me.
Oracle Apache file contains the following entries
# Advanced Queuing - AQ XML
include "H:\oracle\ora92\rdbms\demo\aqxml.conf"
include "H:\oracle\ora92\xdk\admin\xml.conf"
include "H:\oracle\ora92\Apache\modplsql\cfg\plsql.conf"
include "H:\oracle\ora92\Apache\jsp\conf\ojsp.conf"
include "H:\oracle\ora92\sqlplus\admin\isqlplus.conf"
include "H:\oracle\ora92/oem_webstage/oem.conf"
oracle isqlplus.conf contain following entries
# Copyright (c) 2001, 2002, Oracle Corporation. All rights reserved.
# NAME
# isqlplus.conf
# PURPOSE
# Oracle HTTP Server directives for the iSQL*Plus server
# USAGE
# This file should be included in the Oracle HTTP Server
# "oracle_apache.conf" file.
# Enable handling of all virtual paths beginning with "/iplus/"
# Note: only /iplus/ is mapped, /iplus is not being mapped
<IfModule mod_alias.c>
Alias /iplus/ "H:\oracle\ora92\sqlplus\admin\iplus/"
# Disallow users from trying to access /iplus/ directory listing
<Directory "H:\oracle\ora92\sqlplus\admin\iplus">
AllowOverride None
Options FollowSymLinks
Order deny,allow
Allow from all
</Directory>
</IfModule>
# Maps all virtual paths beginning with "/isqlplus*" to the iSQL*Plus
# FastCGI application
<IfModule mod_alias.c>
ScriptAliasMatch ^/isqlplus(.*) H:\oracle\ora92\bin\isqlplus
ScriptAliasMatch ^/isqlplusdba(.*) H:\oracle\ora92\bin\isqlplus
<Directory "H:\oracle\ora92\bin">
AllowOverride None
Options FollowSymLinks
Order deny,allow
Allow from all
</Directory>
</IfModule>
# Enable handling of all virtual paths beginning with "/isqlplus"
<Location /isqlplus>
SetHandler fastcgi-script
Order deny,allow
# Comment "Allow ..." and uncomment the four lines "AuthType ..."
# to "Require ..." if Oracle HTTP authentication access is required
# for the http://.../isqlplus URL
Allow from all
#AuthType Basic
#AuthName 'iSQL*Plus'
#AuthUserFile H:\oracle\ora92\sqlplus\admin\iplus.pw
#Require valid-user
</Location>
# Enable handling of all virtual paths beginning with "/isqlplusdba".
# Note: Oracle HTTP authentication access must be configured to
# prevent unauthorized users performing DBA operations on
# the database
# Use the HTTP server utility script "htpasswd" to add users to the
# "iplusdba.pw" file.
<Location /isqlplusdba>
SetHandler fastcgi-script
Order deny,allow
AuthType Basic
AuthName 'iSQL*Plus DBA'
AuthUserFile H:\oracle\ora92\sqlplus\admin\iplusdba.pw
Require valid-user
</Location>
# Setup the iSQL*Plus FastCGI application.
<IfModule mod_fastcgi.c>
FastCgiServer H:\oracle\ora92\bin\isqlplus -port 8228 -initial-env iSQLPlusNumberOfThreads=20 -initial-env iSQLPlusTimeOutInterval=30 -initial-env iSQLPlusLogLevel=off -initial-env iSQLPlusAllowUserEntMap=none -idle-timeout 3600
</IfModule>
I once again facing problem of HTTP Server it again not started
What error do you get? What OS are you using? Which release
and version of Oracle are you using? What debugging steps have you
already tried and what results did they give you?
-- CJ -
Implementing SSL in Apex3.2.1 using Oracle HTTP Server 11.2g
Could anyone please point me at any up-to-date documentation that deals with implementing SSL on Apex3.2.1 and 11.2g Standard One Oracle HTTP Server or something close.
I'm using Windows 7 with Browser, HTTP Server and database all on the same machine for testing purposes.
I have done the following from what I have found so far:
In Oracle Wallet Manager I have created a Certificate Request, sent that to a CA and then imported the Trial SSL Certificate, Trial Secure Server Intermediate CA and Test CA Root Certificate from the CA.
I have updated Apex Admin Services/Manage Service/Instance Settings/Wallet with
file:directory-path and wallet password.
I rebooted the machine to restart all the services, in case I missed any.
However when I change the url from http to https and this is the only change I make then page not found appears. It may be I need to change the port or some conf files but I'm not sure.
Thanks
dfrost
There is also DRM and Strategic Finance that use IIS, here is the oracle doc on it http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_start_here_11121/ch06s03s02.html
Cheers
John
jgblog -
Set up Oracle HTTP Server for a particular IP address
How do I set up Oracle HTTP Server to allow access control based on a particular IP address to certain CGI Scripts if a site is a local site?
I have tried this in httpd.conf file but it does not restrict a particular IP address (say 10.1.2.4) in my home network (consists of 3 PCs). 10.1.2.3 is the IP address of node where OHS is installed. I access my OHS from client like this http://10.1.2.3:7777/cgi-bin/printenv
ScriptAlias /cgi-bin/ "C:\oracle_home\Apache\Apache\cgi-bin/"
<Directory C:\oracle_home\Apache\Apache\cgi-bin>
AllowOverride None
Options None
Order Deny,Allow
Deny from all
Allow from 10.1.2.3
</Directory>
Note: - I have not made any changes in the default configuration of OHS.
Any help for a student like me will be highly appreciated.
Regards
Rajesh Kumar
No the idea is not to disable the signature. The reason why I wanted you to locate the specific block/deny was to make it easier to fix it. I would still recommend to use the Event Action Filters only to exclude the host and not disable the signature altogether.
That said, there are some signatures that "according to the documentation" cannot be excluded using event actions like Sweep signatures. These signatures have a field for Source/Dest IP built-in to exclude specific hosts. However to be honest I could get event actions to work perfectly with event actions on our customers ;), so it could be an old restriction still mentioned in the docs.
Lastly, you only disable a signature when you are absolutely sure that you are not running the Software/Application/Service on your network. For example on one customer we would frequently get VPN 3000 Conc. HTTP attack signatures fired for internet traffic, and since there is no chance to add any VPN3k on this network (its already End of Sale), I disabled this signature.
Regards
Farrrukh -
Installation of the VeriSign digital certification in Oracle HTTP Server
I am not managing to generate the pair of keys and the CSR in Oracle HTTP Server; if you have any tip I would be thankful.
Thanks
Leandro
Hi Leandro,
Here are some steps to setup digital certificates into Oracle HTTP Server for Unix.
1. The temporary working directory is /u01/tmp/myssl.
2. The contents of <9iAS_HOME>/Apache/open_ssl/bin have been copied to the
temporary working directory created in Assumption #1.
3. SSL file names are priv.key (private key), certreq.csr (certificate request),
and cert.crt (SSL certificate). The actual SSL certificate file could be
named other than 'cert.crt'.
4. By default, SSL is configured using port 443, which requires ROOT access to
start the web listener.
If you want to change this from the default port, you will need to change
the following two parameters in the httpd.conf file to an unused port number:
Listen 443
<VirtualHost _default_:443>
5. All necessary UNIX environment variables are set correctly for your Oracle
product before implementing these procedures.
6. User must be familiar with UNIX concepts like shell navigation, UNIX
environments, file manipulation/search, file copy/backups, etc.
How to Request and Configure an SSL Certificate for Oracle9i Application Server
Step-by-Step Instructions:
1. Change your present working directory to the temporary working directory, e.g.,
/u01/tmp/myssl. Ensure the contents of <9iAS_HOME>/Apache/open_ssl/bin have
been copied into this temporary working directory.
2. Copy 5 large files, each at least 250KB, into your temporary working directory.
Suggest looking in any /bin directory for large sized binary files. Execute
the following command to generate the random character file:
% openssl md5 * > rand.rnd
3. Execute the following command to generate the private key (priv.key):
% openssl genrsa -rand rand.rnd -des3 1024 > priv.key
- when prompted, enter a "PEM pass phrase" password
- re-enter password when prompted to verify password
-- remember the pass phrase password you entered
- this command generates the priv.key file and associated pass phrase
- set permissions on the priv.key file to prevent unauthorized editing
% chmod 400 priv.key
- backup the priv.key file to a secure location
NOTE
The PEM pass phrase must be at least 4 characters in length. Remember this
pass phrase, you will be prompted to enter it in the next step and each
time you start up the Oracle HTTP Server (OHS) in SSL mode.
Optionally, you can unencrypt the value of the private key, so that you
will not be prompted for the PEM pass phrase every time you start up OHS
in SSL mode.
To unencrypt the private key, execute the following two commands (Note:
ensure file permissions set to r+w):
% cp priv.key priv.key.bak
% openssl rsa -in priv.key.bak -out priv.key
- the demo certificate shipped with Oracle9iAS does not require a pass
phrase to start OHS in SSL mode.
- on UNIX, to generate the certificate request and start OHS in SSL mode,
the pass phrase must be entered, unless you executed the above steps
to unencrypt.
- on Windows NT/2000, if a certificate is used that has a pass phrase,
the OHS will hang; therefore, on Windows NT/2000, you must execute
the steps to unencrypt.
4. Execute the following command to generate an SSL certificate request
(certreq.csr) based on your private key.
% openssl req -new -key priv.key -out certreq.csr -config openssl.cnf
- when prompted, enter the "PEM pass phrase" set when the private key
was created.
- when prompted, enter the requested fields that make up the
Distinguished Name.
-- each entry must be valid information, i.e., email, state, location, etc.
- when prompted for the "Common Name", you MUST enter the fully
qualified name which will be accessed via client browsers; e.g.,
if clients will use:
https://mysite.domain.com
-- then, you must enter mysite.domain.com as the "Common Name"
- the requested 'extra' attributes, i.e., "challenge password" and
"optional company name", are OPTIONAL; just hit ENTER to use NULL values.
5. You should now have the private key and certificate request files (priv.key
and certreq.csr) in your temporary working directory.
NOTE
At this point, you can use your certificate request file 'certreq.csr' to
order a valid SSL certificate from any CA-vendor, e.g., Verisign.
After you receive your SSL certificate, skip to Step #6 for instructions
on how to deploy your SSL files.
OPTIONAL
You can start 9iAS in SSL mode (see Step #12) and test the pre-installed demo
certificate and private key included for testing purposes.
It is a good idea to test to be sure the Oracle HTTP Server SSL mode works
successfully before deploying your new SSL certificate. To try these demo
files, access the 9iAS index page in a browser using the HTTPS protocol and
the appropriate SSL Listen port. URL format:
https://myhost.domain.com:<ssl_port>
The user will see a Security Alert (IE), or New Site Certificate (Netscape)
warning message, click Continue/Next to accept.
OPTIONAL
To create a self-signed certificate, execute the following commands:
(csh) % setenv RANDFILE rand.rnd
<sh or ksh> % export RANDFILE=rand.rnd
% openssl x509 -req -days 30 -in certreq.csr -signkey priv.key > tempcert.crt
- when prompted, enter the "PEM pass phrase" set when the private key was created.
- this command generates a temporary self-signed certificate file 'tempcert.crt'
valid for 30 days, which can be used while awaiting a valid SSL certificate
purchased from an authorized CA-vendor.
- if this option is used, after generating the 'tempcert.crt' file, skip to
Step #6 for instructions on how to deploy your SSL files.
OPTIONAL
These steps are specifically for requesting a TRIAL certificate from the
CA-vendor Verisign.
- Go to www.verisign.com and click on "Free Guides and Trials" link and
follow instructions to request a "Free Trial SSL ID". During this process,
you will be asked to provide certificate request information.
- Open the 'certreq.csr' file using your text editor of choice.
- Starting with "-----BEGIN NEW CERTIFICATE REQUEST-----" copy all lines
including the BEGIN and END of certificate lines.
- Paste this copied data into the Verisign page where requested and continue.
- You will see the Verisign web site decode your certificate request
information. This decoded information is presented to you to verify it is
correct. If it is, then continue with the process.
- You will be presented with another set of questions from Verisign. Be sure
to answer with the correct email address, as this address will be used to
send your SSL certificate.
- After you answer all these questions, you will be sent a TRIAL 14-day
SSL certificate via email.
- WARNING! You must follow this step carefully, you cannot copy and paste
information from an email to a new text file. After you get your TRIAL
certificate, save the entire email message to a text file. Open this file
using your text editor of choice. You will see the email address header
information and the line:
-----BEGIN CERTIFICATE-----
- Delete all text that appears before the -----BEGIN CERTIFICATE----- line.
The modified file should contain only certificate information. After you
delete the email header, save this text file inside your temporary directory
with the filename 'trialcert.crt'.
6. Now you are ready to configure Oracle9i Application Server (9iAS) with your
SSL certificate files.
7. Back up your existing <9iAS_HOME>/Apache/Apache/conf/httpd.conf file.
8. Open the httpd.conf file with your text editor of choice.
9. Edit the following httpd.conf directives to use your generated private key
and SSL certificate file, which could be the filename for either the
temporary self-signed certificate, the TRIAL test certificate, or the
purchased valid certificate. The information following the # symbol are
comments.
NOTE
The directory of the SSL files (private key and certificate file)
can reside in any location you choose. The temporary working
directory will continue to be referenced in these procedure steps.
# use the appropriate (i.e., valid, temporary, or trial) certificate filename
SSLCertificateFile /u01/tmp/myssl/tempcert.crt
#private key from Step #4 above:
SSLCertificateKeyFile /u01/tmp/myssl/priv.key
10. Save your modified httpd.conf and exit the text editor.
11. Log in as authorized user (if default ports 80 and 443 are used, ROOT user
must execute commands in next step).
12. Execute the following command to stop, then start Apache in SSL mode
(ensure proper UNIX environments are set; else, execute command from
<9iAS_HOME>/Apache/Apache/bin.)
For Oracle8iAS 1.x:
% httpdsctl stop
% httpdsctl startssl
For Oracle9iAS 1.0.2.x:
% apachectl stop
% apachectl startssl
- when prompted, enter the "pass phrase" created in Step #3.
-- not required if you unencrypted the private key file
- when the Oracle HTTP Server starts successfully in SSL mode, access the
9iAS index page in a browser using the HTTPS protocol and the appropriate
SSL Listen port. URL format:
https://myhost.domain.com:<ssl_port>
- if using a temporary self-signed or TRIAL test certificate, the user will
see a Security Alert (IE), or New Site Certificate (Netscape) warning message,
click Continue/Next to accept.
====================
I hope this helps !!
Ilan Salviano -
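Added example (not part of the post above or of Oracle's documentation): a shell check that the priv.key, certreq.csr and certificate file named in the procedure belong to the same RSA key pair, that the key meets a minimum size, and that the key file is not readable by group or others, before httpd.conf is pointed at them. The function names, the KEY_PASS and MIN_BITS variables and the 2048-bit default are assumptions of this example, and the sample files it can generate are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the files the procedure
# produces before SSLCertificateKeyFile / SSLCertificateFile reference them.
# Assumptions: RSA keys (as created by "openssl genrsa"); the helper names,
# KEY_PASS and MIN_BITS are this example's own.

# Print the RSA modulus (hex) of a key, CSR or certificate; empty on failure.
# For a pass-phrase-protected key, export KEY_PASS so no prompt is needed.
modulus_of() {
    kind=$1
    file=$2
    case "$kind" in
        key)  openssl rsa -noout -modulus -in "$file" \
                  ${KEY_PASS:+-passin env:KEY_PASS} 2>/dev/null ;;
        csr)  openssl req -noout -modulus -in "$file" 2>/dev/null ;;
        cert) openssl x509 -noout -modulus -in "$file" 2>/dev/null ;;
    esac | sed -n 's/^Modulus=//p'
}

# Key size in bits, derived from the modulus length (4 bits per hex digit).
key_bits() {
    m=$(modulus_of key "$1")
    [ -n "$m" ] || return 1
    echo $(( ${#m} * 4 ))
}

# True when group and others have no access to the key file (e.g. mode 400).
key_perms_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_ssl_files KEY CSR CERT
# Returns 0 when all three share one modulus and the key is >= MIN_BITS,
# 1 on a mismatch, 2 on a short key, 3 when a file cannot be parsed.
check_ssl_files() {
    key=$1
    csr=$2
    cert=$3
    mk=$(modulus_of key "$key")
    mr=$(modulus_of csr "$csr")
    mc=$(modulus_of cert "$cert")
    if [ -z "$mk" ] || [ -z "$mr" ] || [ -z "$mc" ]; then
        echo "unreadable input (wrong file type, or encrypted key without KEY_PASS)" >&2
        return 3
    fi
    if [ "$mk" != "$mr" ] || [ "$mk" != "$mc" ]; then
        echo "MISMATCH: key, CSR and certificate do not share one key pair" >&2
        return 1
    fi
    bits=$(( ${#mk} * 4 ))
    if [ "$bits" -lt "${MIN_BITS:-2048}" ]; then
        echo "WEAK: $bits-bit RSA key is below ${MIN_BITS:-2048} bits" >&2
        return 2
    fi
    key_perms_ok "$key" || echo "WARNING: $key is accessible by group/others" >&2
    echo "OK: $bits-bit key matches CSR and certificate"
    return 0
}

# Build constructed sample files (unencrypted key, self-signed 30-day cert)
# in directory $1 with a key of $2 bits. Names follow the post.
make_sample() {
    dir=$1
    size=$2
    openssl genrsa -out "$dir/priv.key" "$size" 2>/dev/null &&
    chmod 400 "$dir/priv.key" &&
    openssl req -new -key "$dir/priv.key" -subj "/CN=mysite.domain.com" \
        -out "$dir/certreq.csr" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$dir/certreq.csr" \
        -signkey "$dir/priv.key" -out "$dir/tempcert.crt" 2>/dev/null
}

# Usage: script KEY CSR CERT   or   script --demo
case "${1:-}" in
    "")     : ;;   # no arguments: only define the functions
    --demo) d=$(mktemp -d) && make_sample "$d" 2048 &&
            check_ssl_files "$d/priv.key" "$d/certreq.csr" "$d/tempcert.crt"
            rm -rf "$d" ;;
    *)      check_ssl_files "$@" ;;
esac
```

A mismatch (exit status 1) is the usual result of pairing a renewed certificate with an older priv.key, or of regenerating the key after the CSR was already sent to the CA.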
Facing problem in installing oracle http server
Hi,
I am trying to install oracle http server from companion cd (oracle 10g) but facing this error
/Apache/Apache/bin/httpd: error while loading shared libraries: libdb.so.2: cannot open shared object file: No such file or directory.
I don't know what to do.
Please help
Hi,
there are other posts on this but try an install of the gnome-libs package on the server. It is possible to install a more recent version than 1.4.1.2.90-34.1.i386.
Mike