Install SSL certificate for Oracle HTTP server

Similar Messages

• How to set -Xss or ulimit  for Oracle Http Server

  Hi,
  We are facing Out of Memory Error in OHS 11g in our cluster environment. Where I can see below statements in http log file:
  # There is insufficient memory for the Java Runtime Environment to continue.
  # Cannot create GC thread. Out of system resources.
  # Possible reasons:
  # The system is out of physical RAM or swap space
  # In 32 bit mode, the process size limit was hit
  # Possible solutions:
  # Reduce memory load on the system
  # Increase physical memory or swap space
  # Check if swap backing store is full
  # Use 64 bit Java on a 64 bit OS
  # Decrease Java heap size (-Xmx/-Xms)
  # Decrease number of Java threads
  # Decrease Java thread stack sizes (-Xss)
  # Set larger code cache with -XX:ReservedCodeCacheSize=
  # This output file may be truncated or incomplete.
  #  Out of Memory Error (gcTaskThread.cpp:46), pid=17956, tid=140591807985408
  When I run the ulimit command on machine, stack size is showing as 10MB:
  Result:
  [oracle@XXXXXX bin]$ ulimit -a
  core file size          (blocks, -c) unlimited
  data seg size (kbytes, -d) unlimited
  scheduling priority (-e) 0
  file size (blocks, -f) unlimited
  pending signals (-i) 1031958
  max locked memory       (kbytes, -l) 3500000
  max memory size         (kbytes, -m) unlimited
  open files (-n) 131072
  pipe size            (512 bytes, -p) 8
  POSIX message queues     (bytes, -q) 819200
  real-time priority (-r) 0
  stack size (kbytes, -s) 10240
  cpu time (seconds, -t) unlimited
  max user processes (-u) 131072
  virtual memory          (kbytes, -v) unlimited
  file locks (-x) unlimited
  Setting the stack size to 512KB or 256KB might resolve the problem.
  I tried setting ulimit -s 512  in my user bash_profile. and ran ulimit -a , then it is showing as 
  stack size (kbytes, -s) 512
  If I set at user level, does it have any impact? Or we should set at JVM level using -Xss
  Can some body tell me where can I set -Xss for Oracle HTTP server 11g?
  Regards,
  Vidya

  Hi Marco,
  I believe you'll need to setup a MX record under 'More Actions' for your domain in Site Settings / Site Domains.
  Select the option "Use another external service for email" and enter your primary mail server's hostname at priority 10.
  Think you can repeat this step for your secondary mail server (priority 20) if you have one.
  Regards
  Mike

• Install SSL certificate for OAM 11gR2

  Experts, I wanted to know some recommended urls, links etc for configuring and installing SSL certs for OAM 11gR2.
  Base install for OAM is working fine and all consoles are ok.
  I have found following link from the docs
  http://docs.oracle.com/cd/E27559_01/core.1112/e28516/sslconfig.htm#ASADM1800
  Please confirm above link would suffice to install and configure SSL.
  Any other challenges or issues likely to come up would help, like importing certificates and root certificate etc.

  Assuming you're referring to SSL between OAM Server and WebGate, it is documented here: Securing Communication - 11g Release 2 (11.1.2)
  Regards,
  Colin

• Unable to install SSL Certificate - ADMIN4118: Only one server certificate can be installed at a time

  Hi,
  We are trying to install SSL certificate (Verisign Class 3) on iPlanet Web Server (version 7). However, at the final step we are getting the error "ADMIN4118: Only one server certificate can be installed at a time"
  We are following the below steps,
  Under "Server Certificates" tab,
       -> Click on "Install" button.
       -> On "Select Configuration" click on "Next" button.
       -> On "Select Tokens and Passwords", select default token as "internal" and click on "Next" button.
       -> On "Enter Certificate Data", select option as "Certficate File" and give path to the certificate file which is having .p7b extension
       -> On "Certificate Details" we are getting warning as "Duplicate Server Details Found" and it's by default using the existing certificate's nickname.
       -> On "Review" page after clicking "Finish" button, an error is displayed saying "ADMIN4118: Only one certificate server can be installed at a time"
  There are multiple sub-domains availble and the new certificate we want to install contains one more sub-domain.
  So, say currently the subdomains present are,
  1.abc.com
  2.abc.com
  so on...
  and now we are trying to install a SSL certificate having one more subdomain say 10.abc.com.
  Please let us know if you have solution to this problem.
  Thanks,
  Rajesh

  Hi Rajesh,
  That error is most commonly seen when you are trying to install a certificate chain into the Web Server.
  The chain should be installed using the "Certificate Authorities" tab per the following steps:
  1) Login to the Admin Console.
  2) Click Edit Configuration from Common Tasks > Configuration Tasks.
  3) Click the Certificates > Certificate Authorities tab from the Configurations page.
  4) Click the Install... tab from the Certificate Authorities (CAs) page.
  An Install CA Certificate Wizard opens. The wizard guides you through the settings available for installing a Certificate Chain. Select Certificate Chain when prompted for Certificate Type.
  You should then see the CA and intermediate certificate(s) listed in the security database.
  If you have access to MOS, more details can be found in the MOS KM Note:
     Oracle iPlanet Web Server - 'ADMIN4118: Only one server certificate can be installed at a time' When Installing Certificate Chain (Doc ID 1925025.1)
  regards
  Tracey

• How to create a service for Oracle HTTP Server

  Hi,
  I hope someone can help me.
  I would like to create a service for an Oracle HTTP Server.
  We are running APEX 3.2 on an 10.2.0.4 database (not XE).
  We have a Windows XP system.
  To run APEX on a 10g we need the HTTP Server.
  Unfortunately no service was created while the installing of the Oracle HTTP Server.
  How can I create a service later. After the installation.
  I know that you can create a service with Instrsrv.exe and Srvany.exe. But I dont know wheather I can use this in this case.
  I need an .exe file for that.
  The HTTP-Server has the opmnctl.exe.
  But I have to write opmnctl.exe startall when I start or opmnctl.exe stopall when I want to stop it . How can I realize that in a Service?
  Thanks for your answer
  Jens

  Hi,
  I hope someone can help me.
  I would like to create a service for an Oracle HTTP Server.
  We are running APEX 3.2 on an 10.2.0.4 database (not XE).
  We have a Windows XP system.
  To run APEX on a 10g we need the HTTP Server.
  Unfortunately no service was created while the installing of the Oracle HTTP Server.
  How can I create a service later. After the installation.
  I know that you can create a service with Instrsrv.exe and Srvany.exe. But I dont know wheather I can use this in this case.
  I need an .exe file for that.
  The HTTP-Server has the opmnctl.exe.
  But I have to write opmnctl.exe startall when I start or opmnctl.exe stopall when I want to stop it . How can I realize that in a Service?
  Thanks for your answer
  Jens

• Problem installing SSL certificate for CPS

  I work at a medium-sized University, and we have used
  Contribute 3 with CPS1.11 for well over a year. Recently, however,
  the Contribute clients began having difficulty logging in to CPS.
  At first this was intermittent, but is now constant. Adobe support
  suggested replacing the CPS self-signed SSL certificate with a
  genuine one, because apparently the self-signed certificate is
  causing communication delays and timeouts.
  I have the certificate, and am trying to use keytool (see
  http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
  to install it, but it is asking me for a keystore password, which I
  don't know. Apparently the standard defaults are "changeit" or
  "passphrase", but neither of these work.
  As a test, I created a fresh install of CPS and attempted to
  list the keys in the keystore, but again was asked for a keystore
  password and the defaults did not work. Adobe support suggested I
  ask here. Anybody have any experience installing a certificate for
  CPS?

  Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new:
  SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Problems installing SSL certificates for more than one alias on iMS 5.2

  I have a problem to getting encyption on IMAP/HTTP/SMTP when they are on the same server. I only getting one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
  Let's say I have 3 aliases to the same server just for the scalability, imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at the same time, for example https://mail.vxu.se. And the others, like (S)IMAP I getting a dialouge that says the hostname doesnt is the same as the registred in the certificate. How do I solve this? Is there some possibillity to install more than ONE certificate, so I can have one certificate for each alias?
  Environment: Full 420R, Solaris 8, iMS5.2
  Thanks in advice

  Although I completely agree the comments that suggestion this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
  Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installation. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
  So. as a general rule, regardless of whether multple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

• Is there a way to change the CSR for install SSL Certificate for CCMADMIN

  HI there,
  Our customer want a solution for the https failure on CCMAdmin and CCMUser sites.
  For that, I have exported a csr to buy a ssl certificate from verisign.
  The problem is the csr includes fqdn an not just the servername
  But the users just have to type in the servername to reach the server.
  Is there a way to export a csr which include as common name only the server name without changing the domain settings in the cucm?
  thanks
  Marco

  Hi
  You can go to the server via SSH, and enter the 'set web-security' command with the alternate-host-name parameter:
  Command Syntax
  set web-security orgunit orgname locality state country alternate-host-name
  Parameters
  • orgunit represents the organizational unit.
  • orgname represents the organizational name.
  • locality represents the organization location.
  • state represents the organization state.
  • country represents the organization country.
  • alternate-host-name (optional) specifies an alternate name for the host when you generate a
  web-server (Tomcat) certificate.
  Note When you set an alternate-host-name parameter with the set web-security command,
  self-signed certificates for tomcat will contain the Subject Alternate Name extension with
  the alternate-host-name specified. CSR for Cisco Unified Communications Manager will
  contain Subject Alternate Name Extension with the alternate host name included in the CSR.
  Typically you would still use an FQDN, but a less specific one (e.g. ccm.company.com)...
  Regards
  Aaron
  Please rate helpful posts...

• Problem in applying the  6078836 OS Library Patch for Oracle HTTP Server

  Hi ,
  While installing Oracle ebusiness suite R12on a RHEL5 linux box (2.6.32-300.10.1.el5uek)
  After running the installation, the post-installation System checks revealed that the HTTP, Virtual Directory, Login Page, Help Page & JSP services were failing. All the errors have the same error code RW-50015. ! Require Installing an OS Library patch for HTTP server according to Note ID
  Oracle Applications Installation and Upgrade Notes Release 12 (12.0.4) for Linux (32-bit) [ID 402310.1]     
  I am unable to stop the Database after stopping the Apps tier services.  while trying to login into sqlplus hitting up this Error ! Please Advise
  sqlplus: error while loading shared libraries: /oracle/VIS/db/tech_st/11.1.0/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied
  [Oracle@OracleLinuxServer 11.1.0]$ cd
  sqlplus / as sysdba
  sqlplus: error while loading shared libraries: /oracle/VIS/db/tech_st/11.1.0/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied
  Following is the Output of some commands which may help in understanding the Issue !
  *[Oracle@OracleLinuxServer ~]$ cd /oracle/VIS/db/tech_st/11.1.0*
  *[Oracle@OracleLinuxServer 11.1.0]$ find / -name libclntsh\* -ls 2>/dev/null*
  *142017047 13416 -rwxr-xr-x 1 applmgr oinstall 13712482 Dec 19 01:27 /oracle/VIS/apps/tech_st/10.1.3/lib/libclntsh.so.10.1*
  *142016603 0 lrwxrwxrwx 1 applmgr oinstall 17 Dec 19 01:27 /oracle/VIS/apps/tech_st/10.1.3/lib/libclntsh.so -> libclntsh.so.10.1*
  *142443526 13400 -rwxr-xr-x 1 applmgr oinstall 13696149 Dec 19 01:28 /oracle/VIS/apps/tech_st/10.1.2/lib/libclntsh.so.10.1*
  *142443190 0 lrwxrwxrwx 1 applmgr oinstall 17 Dec 19 01:28 /oracle/VIS/apps/tech_st/10.1.2/lib/libclntsh.so -> libclntsh.so.10.1*
  *89850399 36348 -rwxrwx--- 1 Oracle oinstall 37174788 Sep 12 2008 /oracle/VIS/db/tech_st/11.1.0/inventory/prereqs/bin/linux/libclntsh.so.11.1*
  *89719502 0 lrwxrwxrwx 1 Oracle oinstall 17 Dec 18 23:33 /oracle/VIS/db/tech_st/11.1.0/lib/libclntsh.so -> libclntsh.so.11.1*
  *89719501 36276 -rwxr-xr-x 1 Oracle oinstall 37100033 Dec 18 23:33 /oracle/VIS/db/tech_st/11.1.0/lib/libclntsh.so.11.1*
  id
  uid=2000(Oracle) gid=2000(oinstall) groups=2000(oinstall) context=root:system_r:unconfined_t:SystemLow-SystemHigh
  *[Oracle@OracleLinuxServer 11.1.0]$ env|egrep 'ORA|PATH' | sort*
  LD_LIBRARY_PATH=/oracle/VIS/db/tech_st/11.1.0/lib:/usr/X11R6/lib:/usr/openwin/lib:/oracle/VIS/db/tech_st/11.1.0/lib:/usr/dt/lib:/oracle/VIS/db/tech_st/11.1.0/ctx/lib
  LIBPATH=/oracle/VIS/db/tech_st/11.1.0/lib:/usr/X11R6/lib:/usr/openwin/lib:/oracle/VIS/db/tech_st/11.1.0/lib:/usr/dt/lib:/oracle/VIS/db/tech_st/11.1.0/ctx/lib
  ORACLE_HOME=/oracle/VIS/db/tech_st/11.1.0
  ORACLE_SID=VIS
  ORA_NLS10=/oracle/VIS/db/tech_st/11.1.0/nls/data/9idata
  ORA_TZFILE=/oracle/VIS/db/tech_st/11.1.0/oracore/zoneinfo/timezlrg.dat
  PATH=/oracle/VIS/db/tech_st/11.1.0/perl/bin:/oracle/VIS/db/tech_st/11.1.0/bin:/usr/bin:/usr/sbin:/oracle/VIS/db/tech_st/11.1.0/appsutil/jre/bin:/usr/ccs/bin:/bin:/usr/bin/X11:/usr/local/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/Oracle/bin:.
  SHLIB_PATH=/oracle/VIS/db/tech_st/11.1.0/lib:/usr/lib:/oracle/VIS/db/tech_st/11.1.0/ctx/lib

  Also I 've checked the /oracle/VIS/db/tech_st/11.1.0/cfgtoollogs/opatch/ opatch_history.txt
  Find that the Patch version is same for every Patch: Please suggest..... Thanks!
  Following is the all contents of the file:
  *[Oracle@OracleLinuxServer opatch]$ vi opatch_history.txt*
  Command     : apply -verbose -silent /nfs/bld/d26/PRDXBLD9/apps/apps_st/comn/autobuild/patch/patch/7639602/7639602
  Log File    : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2009-03-25_23-17-01PM.log
  Date & Time : Wed Mar 25 23:18:41 PDT 2009
  Oracle Home : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /nfs/bld/d22/AB/autobuild/passwd
  Command     : apply -verbose -silent /nfs/bld/d26/PRDXBLD9/apps/apps_st/comn/autobuild/patch/patch/7627743/7627743
  Log File    : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2009-03-25_23-18-41PM.log
  Date & Time : Thu Mar 26 01:23:19 PDT 2009
  Oracle Home : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0
  Command     : lsinventory
  Log File    : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2009-03-26_01-23-19AM.log
  Date & Time : Tue Mar 31 03:13:12 PDT 2009
  Oracle Home : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /nfs/bld/d22/AB/autobuild/passwd
  Command     : lsinventory -invPtrLoc /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/oraInst.loc
  Log File    : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2009-03-31_03-13-12AM.log
  Date & Time : Tue Mar 31 03:13:18 PDT 2009
  Oracle Home : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /nfs/bld/d22/AB/autobuild/passwd
  Command     : lsinventory -invPtrLoc /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/oraInst.loc
  Log File    : /nfs/bld/d26/PRDXBLD9/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2009-03-31_03-13-18AM.log
  Date & Time : Wed Dec 19 19:59:52 GMT+05:30 2012
  Oracle Home : /oracle/VIS/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /oracle/VIS/db/tech_st/11.1.0/OPatch
  Command     : lsinventory
  Log File    : /oracle/VIS/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2012-12-19_19-59-52PM.log
  Date & Time : Thu Dec 20 00:03:59 GMT+05:30 2012
  Oracle Home : /oracle/VIS/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /home/Oracle/6078836
  Command     : apply
  Log File    : /oracle/VIS/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2012-12-20_00-03-59AM.log
  Date & Time : Thu Dec 20 01:28:42 GMT+05:30 2012
  Oracle Home : /oracle/VIS/db/tech_st/11.1.0
  OPatch Ver. : 11.1.0.6.2
  Current Dir : /home/Oracle
  Command     : lsinventory -detail
  Log File    : /oracle/VIS/db/tech_st/11.1.0/cfgtoollogs/opatch/opatch2012-12-20_01-28-42AM.log

• What do I need for Oracle Http Server with mod_plsql on Linux 64bit?

  I am trying to get the OHS onto a linux box but I am not quite sure I am installing the correct thing!!
  I currently have a windows box running the 10g Application server but everything seems to have changed since then and there seems to be several different things to do with the Fusion Middleware and stuff. I've tried to find an overview in plain english of what all these things are but all I can find are lots of marketing buzzwords!
  All in need to to be able to run the OHS with the mod_plsql so I can run my apex application. I'd be greatfull if someone could point me in the right direction for what I need to install!
  The box it is going on is a CentOS Linux 64bit machine. I've download and installed Oracle WebLogic Server 11g Rel 1 (10.3.3) using the generic installer for the 64 bit java but there seems to be no http server despite it saying there is! Most likely I am doing something wrong but the installer finishes successfully but nothing is running on port 7001.
  Do I actually need the WebTier instead? Is that the best solution for running the OHS with mod_plsql? Do I need the WebLogic install as well? Unfortunately I am fairly new to Linux as well which isn't helping!!
  thanks for any help
  Robert

  Well, you have two options:
  - Use the OHS from the OFM WebTier Utilities distro. (To use 11.1.1.3 version, you need both the 11.1.1.2 and 11.1.1.3 distros)
  - Use the OHS from the DB Companion Disk distro.
  WebLogic Server is a Java EE application with an HTTP server included, but not intended to be used as a replacement of OHS/Apache. It doesn't support mod's...
  HTH,
  --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Why we need SSL Certificates for configuring App Server in Sharepoint

  Hi Support,
  We are planning to have a separate server for Apps, while configuring the server its asking for certificate. The main scenario is while configuring server inside the same firewall why we need SSL for configuring.
  Could you please let me know the reason why we need SSL for configuring App Server.
  Thanks in Advance,
  Regards,
  Pradeep

  Hi  Pradeep,
  SSL (Secure Sockets Layer) is a transaction security standard that provides encrypted protection between browsers and App Servers. When SSL is enabled for an App Server, browsers communicate with the App
  Server by means of an HTTPS connection, which is HTTP over an encrypted Secure Sockets Layer. HTTPS connections are widely used by banks and web vendors for secure transactions over the web.
  Secure Sockets Layer  is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. This is such a scenario. As a prerequisite
  for configuring Task Synchronization, the computer that is running SharePoint Server must have SSL configured.
  Reference:
  http://blogs.technet.com/b/speschka/archive/2012/09/03/planning-the-infrastructure-required-for-the-new-app-model-in-sharepoint-2013.aspx
  http://corypeters.net/2013/03/ssl-and-sharepoint-2013/
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Installing SSL Certificate for ITS WGate with sapgenpse

  Hello.
  We have setup Web Dispatcher and ITS WGate on the same host. Dispatcher accepts connections from 443 and ITS accepts connections from 8000.
  We have done SSL Settings for Web Dispatcher with sapgenpse successfully.
  But as WGate is running on Microsoft IIS Server, we couldn't install the same certificate response to Microsoft IIS. Is there a way to install certificate for ITS Server with sapgenpse tool or IIS Server's tool?
  Or should we demand another SSL response from CA generated from Microsoft IIS Server?
  Thanks in advance.
  Edited by: teknikdanisman on Jan 15, 2010 10:42 AM

  I have solved the problem. I have exported the SSL key with sapgenpse in format P12 and imported from IIS.

• How to install Soap on the (Apache) Oracle HTTP Server

  Hi,
  Does anyone know how to install SOAP on the Oracle HTTP Server? I downloaded a soap version (it seems that the standard version comes without SOAP) from the xml.apache.org site and followed the installation instructions as far as I could (only Tomcat is described). However, no 'soaping'!!! Maybe I'm overlooking something because I cannot imagine that it should be difficult.
  Thanks in advance!
  Hans

  Hans, the SOAP implementation is part of OC4J. You get it out of the box. Check out how to use the out-of-the-box implementation in the tutorials on Web services with Oracle9i JDeveloper at:
  http://otn.oracle.com/tech/webservices/htdocs/series/content.html
  These tutorials/samples use the implementation of SOAP/WSDL that Oracle calls J2EE Web Services and this is the long term direction of Oracle's Web services implementation. This implementation is what Oracle will be evolving to Sun's Java Web Services Developer Pack as it finalizes into J2EE 1.4.
  If you want to use Oracle/Apache SOAP, this too is included in OC4J but its support is being deprecated in future releases of Oracle9iAS in favour of the J2EE Web Services implementation. To find it, check out the OC4J/soap/webapps/ directory for the soap.ear file (it is in a slightly different spot if you are using the full Oracle9iAS R2 but still within the soap directory structure. Simply add <application name="soap" path="../../../soap/webapps/soap.ear" auto-start="true"/> to your OC4J server.xml and <web-app application="soap" name="soap" root="/soap" /> to your OC4J http-web-site.xml, re-start and away you go.
  Finally, just to be sure, SOAP support in Oracle9iAS did not appear until 1.0.2.2.x and higher. If using 1.0.2.1 or less, you are correct, there is no SOAP support.
  Mike.
  Most folks that try out the J2EE Web Services find it is pretty easy to use so

• Installation of the VeriSign digital certification in Oracle HTTP Server

  I am not obtaining to generate to the pair of keys and the CSR in Oracle HTTP Server, will have some tip I is thankful.
  Thanks
  Leandro

  Hi Leandro,
  Here are some steps to setup digital certificates into Oracle HTTP Server for Unix.
  1. The temporary working directory is /u01/tmp/myssl.
  2. The contents of <9iAS_HOME>/Apache/open_ssl/bin have been copied to the
  temporary working directory created in Assumption #1.
  3. SSL file names are priv.key (private key), certreq.csr (certificate request),
  and cert.crt (SSL certificate). The actual SSL certificate file could be
  named other than 'cert.crt'.
  4. By default, SSL is configured using port 443, which requires ROOT access to
  start the web listener.
  If you want to change this from the default port, you will need to change
  the following two parameters in the httpd.conf file to an unused port number:
  Listen 443
  <VirtualHost default:443>
  5. All necessary UNIX environment variables are set correctly for your Oracle
  product before implementing these procedures.
  6. User must be familiar with UNIX concepts like shell navigation, UNIX
  environments, file manipulation/search, file copy/backups, etc.
  How to Request and Configure an SSL Certificate for Oracle9i Application Server
  Step-by-Step Instructions:
  1. Change your present working directory to the temporary working directory, e.g.,
  /u01/tmp/myssl. Ensure the contents of <9iAS_HOME>/Apache/open_ssl/bin have
  been copied into this temporary working directory.
  2. Copy 5 large files, each at least 250KB, into your temporary working directory.
  Suggest looking in any /bin directory for large sized binary files. Execute
  the following command to generate the random character file:
       % openssl md5 * > rand.rnd
  3. Execute the following command to generate the private key (priv.key):
  % openssl genrsa -rand rand.rnd -des3 1024 > priv.key
       - when prompted, enter a "PEM pass phrase" password
       - re-enter password when prompted to verify password
       -- remember the pass phrase password you entered
       - this command generates the priv.key file and associated pass phrase
       - set permissions on the priv.key file to prevent unauthorized editing
       % chmod 400 priv.key
       - backup the priv.key file to a secure location
  NOTE
  The PEM pass phrase must be at least 4 characters in length. Remember this
  pass phrase, you will be prompted to enter it in the next step and each
  time you start up the Oracle HTTP Server (OHS) in SSL mode.
  Optionally, you can unencrypt the value of the private key, so that you
  will not be prompted for the PEM pass phrase every time you start up OHS
  in SSL mode.
  To unencrypt the private key, execute the following two commands (Note:
  ensure file permissions set to r+w):
       % cp priv.key priv.key.bak
       % openssl rsa -in priv.key.bak -out priv.key
  - the demo certificate shipped with Oracle9iAS does not require a pass
  phrase to start OHS in SSL mode.
  - on UNIX, to generate the certificate request and start OHS in SSL mode,
  the pass phrase must be entered, unless you executed the above steps
  to unencrypt.
  - on Windows NT/2000, if a certificate is used that has a pass phrase,
  the OHS will hang; therefore, on Windows NT/2000, you must execute
  the steps to unencrypt.
  4. Execute the following command to generate an SSL certificate request
  (certreq.csr) based on your private key.
       % openssl req -new -key priv.key -out certreq.csr -config openssl.cnf
       - when prompted, enter the "PEM pass phrase" set when the private key
  was created.
       - when prompted, enter the requested fields that make up the
  Distinguished Name.
       -- each entry must be valid information, i.e., email, state, location, etc.
       - when prompted for the "Common Name", you MUST enter the fully
  qualified name which will be accessed via client browsers; e.g.,
  if clients will use:
  https://mysite.domain.com
       -- then, you must enter mysite.domain.com as the "Common Name"
       - the requested 'extra' attributes, i.e., "challenge password" and
  "optional company name", are OPTIONAL; just hit ENTER to use NULL values.
  5. You should now have the private key and certificate request files (priv.key
  and certreq.csr) in your temporary working directory.
  NOTE
  At this point, you can use your certificate request file 'certreq.csr' to
  order a valid SSL certificate from any CA-vendor, e.g., Verisign.
  After you receive your SSL certificate, skip to Step #6 for instructions
  on how to deploy your SSL files.
  OPTIONAL
  You can start 9iAS in SSL mode (see Step #12) and test the pre-installed demo
  certificate and private key included for testing purposes.
  It is a good idea to test to be sure the Oracle HTTP Server SSL mode works
  successfully before deploying your new SSL certificate. To try these demo
  files, access the 9iAS index page in a browser using the HTTPS protocol and
  the appropriate SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  The user will see a Security Alert (IE), or New Site Certificate (Netscape)
  warning message, click Continue/Next to accept.
  OPTIONAL
  To create a self-signed certificate, execute the following commands:
  (csh) % setenv RANDFILE rand.rnd
  <sh or ksh> % export RANDFILE=rand.rnd
  % openssl x509 -req -days 30 -in certreq.csr -signkey priv.key > tempcert.crt
  - when prompted, enter the "PEM pass phrase" set when the private key was created.
  - this command generates a temporary self-signed certificate file 'tempcert.crt'
  valid for 30 days, which can be used while awaiting a valid SSL certificate
  purchased from an authorized CA-vendor.
  - if this option is used, after generating the 'tempcert.crt' file, skip to
  Step #6 for instructions on how to deploy your SSL files.
  OPTIONAL
  These steps are specifically for requesting a TRIAL certificate from the
  CA-vendor Verisign.
  - Go to www.verisign.com and click on "Free Guides and Trials" link and
  follow instructions to request a "Free Trial SSL ID". During this process,
  you will be asked to provide certificate request information.
  - Open the 'certreq.csr' file using your text editor of choice.
  - Starting with "-----BEGIN NEW CERTIFICATE REQUEST-----" copy all lines
  including the BEGIN and END of certificate lines.
  - Paste this copied data into the Verisign page where requested and continue.
  - You will see the Verisign web site decode your certificate request
  information. This decoded information is presented to you to verify it is
  correct. If it is, then continue with the process.
  - You will be presented with another set of questions from Verisign. Be sure
  to answer with the correct email address, as this address will be used to
  send your SSL certificate.
  - After you answer all these questions, you will be sent a TRIAL 14-day
  SSL certificate via email.
  - WARNING! You must follow this step carefully, you cannot copy and paste
  information from an email to a new text file. After you get your TRIAL
  certificate, save the entire email message to a text file. Open this file
  using your text editor of choice. You will see the email address header
  information and the line:
  -----BEGIN CERTIFICATE-----
  - Delete all text that appears before the -----BEGIN CERTIFICATE----- line.
  The modified file should contain only certificate information. After you
  delete the email header, save this text file inside your temporary directory
  with the filename 'trialcert.crt'.
  6. Now you are ready to configure Oracle9i Application Server (9iAS) with your
  SSL certificate files.
  7. Back up your existing <9iAS_HOME>/Apache/Apache/conf/httpd.conf file.
  8. Open the httpd.conf file with your text editor of choice.
  9. Edit the following httpd.conf directives to use your generated private key
  and SSL certificate file, which could be the filename for either the
  temporary self-signed certificate, the TRIAL test certificate, or the
  purchased valid certificate. The information following the # symbol are
  comments.
  NOTE
  The directory of the SSL files (private key and certificate file)
  can reside in any location you choose. The temporary working
  directory will continue to be referenced in these procedure steps.
  # use the appropriate (i.e., valid, temporary, or trial) certificate filename
  SSLCertificateFile /u01/tmp/myssl/tempcert.crt
  #private key from Step #4 above:
  SSLCertificateKeyFile /u01/tmp/myssl/priv.key
  10. Save your modified httpd.conf and exit the text editor.
  11. Log in as authorized user (if default ports 80 and 443 are used, ROOT user
  must execute commands in next step).
  12. Execute the following command to stop, then start Apache in SSL mode
  (ensure proper UNIX environments are set; else, execute command from
  <9iAS_HOME>/Apache/Apache/bin.)
  For Oracle8iAS 1.x:
  % httpdsctl stop
  % httpdsctl startssl
  For Oracle9iAS 1.0.2.x:
  % apachectl stop
  % apachectl startssl
  - when prompted, enter the "pass phrase" created in Step #3.
  -- not required if you unencrypted the private key file
  - when the Oracle HTTP Server starts successfully in SSL mode, access the
  9iAS index page in a browser using the HTTPS protocol and the appropriate
  SSL Listen port. URL format:
  https://myhost.domain.com:<ssl_port>
  - if using a temporary self-signed or TRIAL test certificate, the user will
  see a Security Alert (IE), or New Site Certificate (Netscape) warning message,
  click Continue/Next to accept.
  ====================
  I hope this help !!
  Ilan Salviano

• Mod_osso behavior differences with 10gR3 Oracle HTTP Server 2

  We have an install of standalone 10gR3 Oracle HTTP Server 2 (i.e. the Apache 2 version), and have noticed that the behavior of mod_osso is different than the regular 10gR3 Oracle HTTP Server (i.e. the Apache 1 version).
  We use the following in our mod_osso.conf:
  <Location /somepath>
  AuthType Basic
  require valid-user
  </Location>
  First Difference: With OHS 2, when we go to /somepath, we get the error "missing AuthName" in the Apache logs.
  So, we set an AuthName. Now, our mod_osso.conf looks like this:
  <Location /OnDemand>
  AuthType Basic
  AuthName "Oracle Single Sign On"
  require valid-user
  </Location>
  Second Difference: Now, we we go to /somepath, Apache returns a 401, which causes the browser to prompt for credentials! We can enter anything we want in the dialog, and everything will continue as normal (i.e. redirects to the Oracle SSO Server to prompt for credentials, etc).
  So, our question is: Why these behavior differences in 10gR3 OHS 2? It almost seems as if it's using an old 9i mod_osso!
  Thanks,
  - Bill

  Okay, we figured it out.
  Apparently, the three "LoadModule mod_auth*" lines in OHS 2 httpd.conf need to be commented out.
  Now mod_osso is working exactly as with OHS 1.
  - Bill