1. Set Your Environment
· Log on to the application middle tier as the OS user who owns the middle tier files.
· Source your middle tier environment file.
· Navigate to $INST_TOP/ora/10.1.3 and source the .env file to set your 10.1.3 ORACLE_HOME variables.
Note: When working with wallets and certificates you MUST use the 10.1.3 executables.
2. Deploy Certificate across Environment
export SYSTEM=ajiebs
export SSLDIR=/u01/app/applmgr${SYSTEM}/ssl_renew
export SSLENV=ajiebs.lab.com
mkdir -p $SSLDIR
chmod 700 $SSLDIR
3. Copy the new certificate and the CA certificate to the $SSLDIR directory, e.g.
-rw-r--r-- 1 applmgr oinstall 4198 Jul 26 10:30 chain.cer
-rw-r--r-- 1 applmgr oinstall 1794 Jul 26 10:30 ajiebs.lab.com.cer
-rw-r--r-- 1 applmgr oinstall 887 Jul 26 10:30 ajiebs.lab.com.key
4. Create the wallet
cd $SSLDIR
$ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ${SSLENV}.cer -key ${SSLENV}.key -cafile ./chain.cer -wallet . -ssowallet yes
5. The contents of the wallet can be listed, e.g.
orapki wallet display -wallet $SSLDIR
Requested Certificates:
Subject: CN=ajiebs.lab.com,OU=Information Technology,O=Lab Inc.,L=Bangalore,ST=India,C=IN
User Certificates:
Trusted Certificates:
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=ajiebs.lab.com,OU=Information Technology,O=Lab Inc., L=Bangalore,ST=India,C=IN
Subject: CN=Lab Inc. Enterprise Issuing CA1,O=Lab Inc.
Subject: CN=Lab Inc. Enterprise CA,O=Lab Inc.
6. Determine the current Apache wallet directory
· This is the value of s_web_ssl_directory + Apache; by default it is $INST_TOP/certs/Apache
· Create a new directory named BAK and move the default wallet's files there
· Install the new wallet
cd $SSLDIR/../
mv ssl ssl_bak_`date +%Y`
mv ssl_renew ssl
Some features of XML Publisher and BI Publisher require the server certificate to be present in the cacerts file.
7. Back up the existing cacerts file.
cp $OA_JRE_TOP/lib/security/cacerts $OA_JRE_TOP/lib/security/cacerts.bak.`date +%Y`
8. Add the new server cert to cacerts:
chmod u+w $OA_JRE_TOP/lib/security/cacerts
keytool -importcert -keystore $OA_JRE_TOP/lib/security/cacerts -alias ${SSLENV}.`date +%Y`.lab.com -file ${SSLENV}.cer -v
9. When prompted, enter the keystore password.
10. Restart APP Web Tier
11. Restart oacore, forms, web listener processes
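A pre-flight check that can be run on the files from step 3 before the wallet is built in step 4, as an added example that is not part of the original post: it confirms that the private key belongs to the certificate, that the certificate is not about to expire, that chain.cer verifies it, and that the key file is closed to group and others. The function names and the 30-day threshold are assumptions, and the openssl command-line tool must be installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the certificate files copied in step 3.
# Function names and the 30-day threshold are assumptions, not part of the post.

# 0 if the private key belongs to the certificate (their public keys are identical).
key_matches_cert() {   # usage: key_matches_cert CERT KEY
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid DAYS days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the certificate chains to the CA certificates in CAFILE.
chain_verifies() {   # usage: chain_verifies CAFILE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if group and others have no permission bits on the private key file.
key_is_private() {   # usage: key_is_private KEY
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check against DIR/NAME.cer, DIR/NAME.key and DIR/chain.cer.
# Prints one line per check and returns the number of failed checks.
preflight() {   # usage: preflight "$SSLDIR" "$SSLENV"
  local dir="$1" name="$2" failed=0
  check() {   # check LABEL COMMAND [ARGS...]; runs inside `if`, so it is safe under set -e
    local label="$1"; shift
    if "$@"; then echo "OK   $label"; else echo "FAIL $label"; failed=$((failed + 1)); fi
  }
  check "private key matches certificate"  key_matches_cert "$dir/$name.cer" "$dir/$name.key"
  check "certificate valid for 30+ days"   cert_valid_for_days "$dir/$name.cer" 30
  check "chain.cer verifies certificate"   chain_verifies "$dir/chain.cer" "$dir/$name.cer"
  check "key closed to group and others"   key_is_private "$dir/$name.key"
  return "$failed"
}
```

With the permissions shown in the step 3 listing (-rw-r--r-- on the .key file) the last check reports FAIL; chmod 600 on the key clears it.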
HAPPY LEARNING!