SSL/TLS Certificate import on Oracle EBS DMZ iSupplier and iRecruitment web portal
Step 1 - Create a wallet.
export PATH=$FMW_HOME/webtier/bin:$FMW_HOME/oracle_common/bin:$PATH
cd s_web_ssl_directory/Apache directory. If it does not exist, create it.
(from the CONTEXT_FILE XML file s_web_ssl_directory=/)
Open the Wallet manager as a background process:
$ owm &
On the Oracle Wallet Manager menu, navigate to Wallet > New.
Answer No to: “Your default wallet directory doesn't exist. Do you wish to create it now?”
New Password is Nizam@12345
Click YES when prompted: “A new empty wallet has been created. Do you wish to create a certificate request at this time?”
Enter the following values:
Common Name: www.nizamappsdba.com (Please provide the appropriate common name)
Organizational Unit: Nizam
Organization: Nizam
Locality/City: Wandoor
State/Province: Kerala
Select your Country from the drop down list. For the Key Size, select 2048 as a minimum. Click OK.
From the menu, click Wallet and then click Save.
On the Select Directory screen, change the directory to your fully qualified wallet directory and click OK.
wallet directory is s_web_ssl_directory/Apache
From the menu, click Wallet and select the Auto Login check box. and Exit Oracle Wallet Manager.
The wallet directory will contain the following files:
applmgr@node1:/erp_appl/apps/fs_ne/inst/ERPDBA_node1/certs/Apache$ ls -ltr total 12
-rw-rw-rw- 1 applmgr oinstall 0 Apr 11 21:12 ewallet.p12.lck
-rw------- 1 applmgr oinstall 2304 Apr 11 21:12 ewallet.p12
-rw-rw-rw- 1 applpmgr oinstall 0 Apr 11 21:14 cwallet.sso.lck
-rw------- 1 applmgr oinstall 2349 Apr 11 21:14 cwallet.sso
Step 2: Copy the wallet and import the certificate
1. import the certificate provided by the customer.
2. add the contents of root certificate, and the intermediate certificate to 10.1.2 Oracle Home :
$ cat RootCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
$ cat InterCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
cd /erp_appl/apps/fs_ne/inst/ERPDBA_node1/certs/Apache
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -trusted_cert -cert /export/home/applprd/wallet/rootca.crt
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -trusted_cert -cert /export/home/applprd/wallet/intermediate.crt
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -user_cert -cert /export/home/applprd/wallet/server.crt
Step 3: Modify the Oracle HTTP Server Wallet:
Use the following instructions to copy the <s_web_ssl_directory>/Apache wallet to <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory location:
1. Navigate to the <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory location.
cd /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OHS/EBS_web_ERPDB/keystores/default
2. Move the existing wallet files to a backup directory in case you wish to use them again in the future.
3. Copy the wallet files from <s_web_ssl_directory>/Apache into the current directory.
Note:
s_ohs_instance_loc= /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS3 for the ISUPP
s_ohs_instance_loc= /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2 for the IREQ
Step 4: Modify the OPMN wallet .
The default location for the OPMN wallet is in the <s_ohs_instance_loc>/config/OPMN/opmn/wallet directory
1. cd /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OPMN/opmn/wallet
2. Move the existing wallet files to a backup directory in case you wish to use them again in the future.
3. Copy the wallet files from the <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory to the current directory.
cp -rp /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OHS/EBS_web_ERPDBA/keystores/default/cwallet.sso .
Step 5: Restart the application services.
Note: Please do the step 2 & 3 on both run and patch file systems.
Step 1 - Create a wallet.
export PATH=$FMW_HOME/webtier/bin:$FMW_HOME/oracle_common/bin:$PATH
cd s_web_ssl_directory/Apache directory. If it does not exist, create it.
(from the CONTEXT_FILE XML file s_web_ssl_directory=/)
Open the Wallet manager as a background process:
$ owm &
On the Oracle Wallet Manager menu, navigate to Wallet > New.
Answer No to: “Your default wallet directory doesn't exist. Do you wish to create it now?”
New Password is Nizam@12345
Click YES when prompted: “A new empty wallet has been created. Do you wish to create a certificate request at this time?”
Enter the following values:
Common Name: www.nizamappsdba.com (Please provide the appropriate common name)
Organizational Unit: Nizam
Organization: Nizam
Locality/City: Wandoor
State/Province: Kerala
Select your Country from the drop down list. For the Key Size, select 2048 as a minimum. Click OK.
From the menu, click Wallet and then click Save.
On the Select Directory screen, change the directory to your fully qualified wallet directory and click OK.
wallet directory is s_web_ssl_directory/Apache
From the menu, click Wallet and select the Auto Login check box. and Exit Oracle Wallet Manager.
The wallet directory will contain the following files:
applmgr@node1:/erp_appl/apps/fs_ne/inst/ERPDBA_node1/certs/Apache$ ls -ltr total 12
-rw-rw-rw- 1 applmgr oinstall 0 Apr 11 21:12 ewallet.p12.lck
-rw------- 1 applmgr oinstall 2304 Apr 11 21:12 ewallet.p12
-rw-rw-rw- 1 applpmgr oinstall 0 Apr 11 21:14 cwallet.sso.lck
-rw------- 1 applmgr oinstall 2349 Apr 11 21:14 cwallet.sso
Step 2: Copy the wallet and import the certificate
1. import the certificate provided by the customer.
2. add the contents of root certificate, and the intermediate certificate to 10.1.2 Oracle Home :
$ cat RootCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
$ cat InterCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
cd /erp_appl/apps/fs_ne/inst/ERPDBA_node1/certs/Apache
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -trusted_cert -cert /export/home/applprd/wallet/rootca.crt
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -trusted_cert -cert /export/home/applprd/wallet/intermediate.crt
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ewallet.p12 -user_cert -cert /export/home/applprd/wallet/server.crt
Step 3: Modify the Oracle HTTP Server Wallet:
Use the following instructions to copy the <s_web_ssl_directory>/Apache wallet to <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory location:
1. Navigate to the <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory location.
cd /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OHS/EBS_web_ERPDB/keystores/default
2. Move the existing wallet files to a backup directory in case you wish to use them again in the future.
3. Copy the wallet files from <s_web_ssl_directory>/Apache into the current directory.
Note:
s_ohs_instance_loc= /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS3 for the ISUPP
s_ohs_instance_loc= /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2 for the IREQ
Step 4: Modify the OPMN wallet .
The default location for the OPMN wallet is in the <s_ohs_instance_loc>/config/OPMN/opmn/wallet directory
1. cd /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OPMN/opmn/wallet
2. Move the existing wallet files to a backup directory in case you wish to use them again in the future.
3. Copy the wallet files from the <s_ohs_instance_loc>/config/OHS/<s_ohs_component>/keystores/default directory to the current directory.
cp -rp /erp_appl/apps/fs2/FMW_Home/webtier/instances/EBS_web_ERPDBA_OHS2/config/OHS/EBS_web_ERPDBA/keystores/default/cwallet.sso .
Step 5: Restart the application services.
Note: Please do the step 2 & 3 on both run and patch file systems.
Follow step 6 only if you are doing first time SSL/TLS setting on EBS
Step 6. Edit this variables in $CONTEXT_FILE on both run and patch file system:
1. s_url_protocol=https
2. s_local_url_protocol=https
3. s_webentryurlprotocol=https
4. s_active_webport=443
5. s_webssl_port=4443
6. s_https_listen_parameter=4443
7. s_login_page=https://www.nizamappsdba.blogspot.com/OA_HTML/IrcVisitor.jsp
8. s_external_url=https://www.nizamappsdba.blogspot.com
9. s_endUserMonitoringURL=http://node1.etisalat.corp.ae:8008/oracle_smp_chronos/oracle_smp_chronos_sdk.gif
11. s_webentryhost=www
12. s_webentrydomain=www.nizamappsdba.blogspot.com
11.Execute Autoconfig on the run file system for the DMZ node.
12. Restart the Application services