Configuring OHS 12c for HTTPS Communication
Oracle 12c reintroduced the old Oracle concept of wallets. While standard keystores can still be used, this post focuses on the configuration using Oracle Wallets.
CREATE CSR AND SSL CERTS USING WALLETS
3. Create the CSR (certificate request). You pass the DN for the certificate, usually your site name and the company.
4. Export the CSR. Now that you have created the CSR, you need to export it to a file you can send to the certification authority. The following command will create a file server.csr containing the CSR
5. Now use the generated file to request an SSL certificate from a certification authority (GoDaddy in my case). They will send you the certificate as well as the required root and intermediate certificates.
6. Once the certification authority creates the certificate, you first need to import the root certificate. Sometimes they will give it to you as part of the bundle; in my case, it was not present and I had to download it from their website (gdroot-g2.crt from GoDaddy). You need all the certificates in the SSL chain.
7. Now import any other certificate in the chain. I got this one as part of the bundle they sent me.
8. Finally, import the cert itself
9. You can validate that the certificates have been imported using the following command.
CONFIGURE OHS FOR SSL
Now that we have a wallet, we need to tell OHS to use it. By default, 12c already has a virtual host configured for SSL, so we only have to update it and specify the new wallet. In my case I have a stand-alone installation. If you have an OHS with Enterprise Manager configured, most of this can be done from the Web Console, but the manual procedure works in both scenarios.
1. Edit the ssl.conf file under the configuration folder for the instance.
Set the SSLWallet directive to the directory where we saved the wallet
2. Stop OHS
3. Start OHS
4. You can test the configuration on the default OHS SSL port, 4443
MAKE HTTP RUN ON PRIVILEGED PORTS
If you want to use the https URL without specifying a port, you will need to modify OHS to run on port 443. For plain http the port is 80.
1. Change the permissions on the launch file
sudo chmod 4750 $ORACLE_HOME/ohs/bin/launch
2. Modify the Listen directive from the default 7777 to 80
Also, modify (or add, if they don't exist) the following directives with the Linux user and group that own the OHS installation
Group opc
3. For SSL, edit the same ssl.conf as before and modify the Listen directive from the default 4443 to 443
Also, update the virtual host directive to use the same port
4. Stop OHS
5. Start OHS
6. You can test now without the ports
http://mysite..com
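
A check to run against the edited ssl.conf before restarting OHS, added here as an example and not part of the original post: it flags a VirtualHost whose port has no matching Listen directive, a Listen port with no SSL-enabled VirtualHost (which would be served without SSL), and SSLEngine on without an SSLWallet. The sample configuration and wallet path are constructed, and the names lint_ssl_conf and SAMPLE_SSL_CONF are hypothetical.

```python
# Constructed sample: Listen was moved to 443 but the VirtualHost keeps the old port.
SAMPLE_SSL_CONF = """\
Listen 443
<VirtualHost *:4443>
  SSLEngine on
  SSLWallet "/path/to/wallet"
</VirtualHost>
"""

def _port(token):
    """Port from 'port', 'addr:port' or '[v6]:port'; None when no port is given."""
    tail = token.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def lint_ssl_conf(text):
    """Return a list of findings; an empty list means the checks passed."""
    listen, vhosts, current, global_wallet = set(), [], None, False
    for raw in text.splitlines():
        parts = raw.strip().strip("<>").split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "virtualhost":
            ports = {_port(a) for a in parts[1:]} - {None}
            current = {"name": raw.strip(), "ports": ports, "ssl": False, "wallet": False}
        elif key == "/virtualhost" and current:
            vhosts.append(current)
            current = None
        elif key == "listen" and len(parts) > 1:
            listen |= {_port(parts[1])} - {None}
        elif key == "sslengine" and current and len(parts) > 1:
            current["ssl"] = parts[1].lower() == "on"
        elif key == "sslwallet" and current:
            current["wallet"] = True
        elif key == "sslwallet":
            global_wallet = True  # wallet set outside any VirtualHost
    findings = []
    for v in vhosts:
        for p in sorted(v["ports"] - listen):
            findings.append(f"{v['name']}: no Listen directive for port {p}")
        if v["ssl"] and not (v["wallet"] or global_wallet):
            findings.append(f"{v['name']}: SSLEngine on but no SSLWallet set")
    ssl_vhosts = [v for v in vhosts if v["ssl"]]
    if not any(not v["ports"] for v in ssl_vhosts):  # a port-less vhost matches any port
        covered = set().union(*(v["ports"] for v in ssl_vhosts))
        for p in sorted(listen - covered):
            findings.append(f"Listen {p}: no SSL-enabled VirtualHost on this port")
    return findings
```

Pass the contents of your own ssl.conf to lint_ssl_conf; an empty list means the Listen, VirtualHost and SSLWallet settings agree.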