Look Apps

Oracle Applications DBA APPSLab

 
    Wednesday, July 16, 2008
    Enabling SSL for E-business suite


    Application version: 11.5.10.2
    Database version: 9.2.0.6.0
    Reference Metalink document: 123718.1


    Common setups:

    Add the following settings to the application user's .bash_profile.
    # su - apple
    # vi .bash_profile
    SCRIPT_TOP=/u01/oracle1/viscomn/admin/scripts/visclone_visclone/
    APACHE_TOP=/u01/oracle1/visora/iAS/Apache/
    OPENSSL_TOP=/u01/oracle1/visora/iAS/Apache/open_ssl
    OPENSSL_CONF=/u01/oracle1/visora/iAS/Apache/open_ssl/bin/openssl.cnf

    Save and quit.
    :wq

    Provide certificate for HTTP Server:
    Create a work directory to hold the private key and the certificate files.
    # mkdir /u01/oracle1/viscomn/admin/certs
    # mkdir /u01/oracle1/viscomn/admin/certs/apache
    Sub-directories:
    # mkdir /u01/oracle1/viscomn/admin/certs/apache/ssl.crt
    # mkdir /u01/oracle1/viscomn/admin/certs/apache/ssl.key

    Edit the following value in the .xml file:
    # vi /u01/oracle1/visappl/admin/visclone_visclone.xml
    /u01/oracle1/viscomn/admin/certs/apache

    Check the value of RANDFILE in $OPENSSL_CONF.
    It should be:
    RANDFILE = $ENV::HOME/.rnd

    Creating the server PEM-encoded private key file (apache_1024.key)
    # cd /u01/oracle1/viscomn/admin/certs/apache/
    Execute the following command:
    $OPENSSL_TOP/bin/openssl genrsa -des3 -out apache_1024.key 1024
    It will ask you to enter the PEM pass phrase: oneapps123
    (To avoid confusion, use a common password for all.)

    Open the file $OPENSSL_CONF and change the line
    dir = ./demoCA
    to
    dir = /u01/oracle1/viscomn/admin/certs/apache/
    (Specify the directory that was created to hold the private key and certificate files.)

    Generating the certificate signing request (CSR)
    # cd /u01/oracle1/viscomn/admin/certs/apache/
    Execute the following command:
    $OPENSSL_TOP/bin/openssl req -config $OPENSSL_CONF -new -key apache_1024.key -out apache_1024.csr

    It will ask for the following details:

    Enter the PEM pass phrase       : oneapps123
    Country Name (2 letter code)    : IN
    State or Province Name          : Karnataka
    Locality Name (e.g., City)      : Bangalore
    Organization Name               : oneAPPS
    Organizational Unit Name        : httpserver
    Common Name                     : visclone.oneapps.com (hostname of your server)
    E-mail Address                  : kumaran@oneapps.com

    You can skip the remaining prompts.

    Submitting the certificate request (CSR) to the certificate authority (CA)

    Go to the website www.verisign.com and search for "trial certificate".
    Register for a trial certificate. At the end it will ask you to submit your CSR; copy the contents of apache_1024.csr:
    # cat /u01/oracle1/viscomn/admin/certs/apache/apache_1024.csr

    Paste it into the VeriSign site (copy the full content of the file; don't skip anything) and click Submit. You will receive the certificate within an hour.

    Creating the server PEM-encoded certificate file

    Do the prerequisites mentioned in the e-mail; you need to follow only the first step (root CA certificate).
    From the first link you will get the root CA certificate; copy it and save it as a.cer on your local machine.
    Steps for Microsoft browser:
    1. Open Internet Explorer > Tools > Internet Options > Content > Certificates > Import > Next > select file type All, select a.cer > Open > Next > select "Automatically select the certificate store based on the type of the certificate" > OK > Finish > Yes.
    Steps for Firefox browsers:
    1. Open Firefox > Tools > Options > Advanced > View Certificates > Authorities > Import > a.cer > Open > check "Trust this CA to identify websites" > OK.
    Then copy the certificate which you received in your e-mail, save it as apache_1024.crt, and ftp it to the server:
    $ ftp 192.9.200.215
    Username:apple
    Password:apple
    ftp>bin
    ftp>hash
    ftp>cd /u01/oracle1/viscomn/admin/certs/apache/
    ftp>put apache_1024.crt




    Creating the file of PEM-encoded Server Certificates(ca.crt)

    From your local machine:
    Open Internet Explorer. Go to File > Open > Browse, select the file apache_1024.crt and click OK.
    In the certificate window click Certification Path > the first line > View Certificate > Details > Copy to File > Next > select Base-64 encoded X.509 > Next > enter the name ca > Export > Close.
    From your local machine:
    ftp 192.9.200.215
    username:apple
    password:apple
    ftp>bin
    ftp>hash
    ftp>cd /u01/oracle1/viscomn/admin/certs/apache/
    ftp>put ca.crt

    Copy server key and certificate :

    On the server machine:
    # cd $COMMON_TOP/admin/certs/apache
    # cp apache_1024.crt $COMMON_TOP/admin/certs/apache/ssl.crt/server.crt
    # cp apache_1024.key $COMMON_TOP/admin/certs/apache/ssl.key/server.key
    # cp $APACHE_TOP/Apache/conf/ssl.crt/ca-bundle.crt $COMMON_TOP/admin/certs/apache/ssl.crt/ca-bundle.crt
    # cp ca.crt $COMMON_TOP/admin/certs/apache/ssl.crt/ca.crt
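
A consistency check for the files copied above, as an added example that is not part of the original post: it confirms that the CSR and the issued certificate carry the same RSA modulus as the private key and that the certificate verifies against the CA file. KEYPASS is a hypothetical environment variable holding the key pass phrase, and the CA file is assumed to contain every CA certificate in the chain.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the key, CSR and
# certificate that end up in ssl.key/ and ssl.crt/.
# KEYPASS is a hypothetical environment variable with the key pass phrase.

# Print "Modulus=<hex>" for a private key, CSR or certificate.
modulus_of() {  # $1 = key|csr|crt   $2 = file
    case "$1" in
        key) openssl rsa  -in "$2" -noout -modulus -passin env:KEYPASS ;;
        csr) openssl req  -in "$2" -noout -modulus ;;
        crt) openssl x509 -in "$2" -noout -modulus ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# RSA key length in bits, derived from the length of the hex modulus.
modulus_bits() {  # same arguments as modulus_of
    m=$(modulus_of "$1" "$2") || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# Succeeds only if CSR and certificate carry the key's modulus and the
# certificate verifies against the given CA file.
check_cert_set() {  # $1 = key  $2 = CSR  $3 = certificate  $4 = CA file
    KEYPASS=${KEYPASS-}; export KEYPASS
    k=$(modulus_of key "$1") || { echo "cannot read private key $1"; return 1; }
    [ "$(modulus_of csr "$2")" = "$k" ] || { echo "CSR does not match key"; return 1; }
    [ "$(modulus_of crt "$3")" = "$k" ] || { echo "certificate does not match key"; return 1; }
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $4"; return 1; }
    # RSA keys shorter than 2048 bits are reported, but do not fail the check.
    bits=$(modulus_bits crt "$3")
    [ "$bits" -ge 2048 ] || echo "warning: ${bits}-bit RSA key" >&2
    echo "ok"
}

# Usage with the file names from this post (export KEYPASS first):
#   cd /u01/oracle1/viscomn/admin/certs/apache
#   check_cert_set apache_1024.key apache_1024.csr apache_1024.crt ca.crt
```
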


    Certificate provisioning for Forms 6i Server:

    Create the wallet directory.
    # mkdir $COMMON_TOP/admin/certs/forms/
    # su - apple
    # cd $ORACLE_HOME/
    # xhost +
    # export DISPLAY=192.9.200.215:0.0
    # echo $DISPLAY    (check display)
    # export THREADS_FLAG=native
    # cd bin/
    # owm
    In Wallet Manager: New > select No at the prompt > create the wallet password (oneapps123) > OK > Yes. (An empty wallet is created.) It will ask for the following details:
    Common Name         : visclone.oneapps.com
    Organizational unit : Forms
    Organization        : oneAPPS
    Locality/City       : Bangalore
    State/Province      : Karnataka
    Country             : IN
    Key size            : 512

    Click OK. It will show a message that the certificate was created and should be submitted to the Certificate Authority. Select Wallet and check that the Auto Login check box is checked. Save in the location $COMMON_TOP/admin/certs/forms



    Submitting Certificate Request(CSR) to Certificate Authority(CA):

    Go to www.verisign.com and search for "trial certificate". Copy the .csr from the wallet, paste it into the VeriSign site, and submit.


    Creating the server PEM-encoded certificate file

    Do the prerequisites mentioned in the e-mail; you need to follow only the first step (root CA certificate).
    From the first link you will get the root CA certificate; copy it and save it as a1.cer on your local machine.
    Steps for Microsoft browser:
    2. Open Internet Explorer > Tools > Internet Options > Content > Certificates > Import > Next > select file type All, select a1.cer > Open > Next > select "Automatically select the certificate store based on the type of the certificate" > OK > Finish > Yes.
    Steps for Firefox browsers:
    2. Open Firefox > Tools > Options > Advanced > View Certificates > Authorities > Import > a1.cer > Open > check "Trust this CA to identify websites" > OK.

    Once you have received the certificate, save it as forms_512.crt and ftp it to the server:
    ftp 192.9.200.215
    username:apple
    password:apple
    ftp>bin
    ftp>hash
    ftp>cd $COMMON_TOP/admin/certs/forms
    ftp>put forms_512.crt
    ftp>bye


    Import User certificate in to Wallet Manager:


    In Wallet Manager: Operations > Import User Certificate > select the radio button "Select a file that contains the certificate" > OK. Give the full path where the certificate file is stored, /u01/oracle1/viscomn/admin/certs/forms/
    Highlight forms_512.crt > OK. (See the message at the bottom: certificate successfully imported.)

    Got the error!
    User certificate import has failed because the CA certificate doesn't exist.
    Do you want to import a CA certificate now?
    Yes > select the radio button "Select the file that contains the certificate" > /u01/oracle1/viscomn/admin/certs/forms/ and highlight the file CA_root.cer > OK.


    Configuring SSL with HTTP server

    In the .xml file, change the following from http to https:
    #vi /u01/oracle1/visappl/admin/visclone_visclone.xml
    %s_url_protocol
    %s_local_url_protocol
    %s_webentryurlprotocol
    %s_frmConnectMode
    %s_apps_portal_url
    %s_webssl_port keep as 443(default)
    %s_active_webport 443
    %s_webport 443
    "s_forms60_wallet">/u01/oracle1/viscomn/admin/certs/forms

    #vi /u01/oracle1/viscomn/html/bin/appsweb.cfg
    connectMode=https
    Edit the scripts in the following location:
    # vi $SCRIPT_TOP/adfractl.sh
    f60ctl start port=$FORMS_PORT mode=https exe=f60webmx > $FRMLOG 2>/dev/null
    # vi $SCRIPT_TOP/adfrmctl.sh
    f60ctl start port=$FORMS_PORT mode=https exe=f60webmx > $FRMLOG 2>/dev/null


    Through OAM > Site Map > AutoConfig > Configuration Wizard > Forms Listener Servlet > Enable
    OAM > Site Map > AutoConfig > Configuration Wizard > SSL > Enable

    Edit the file,
    #vi $COMMON_TOP/portal/visclone_visclone.xml/aplogon.html
    https://visclone.oneapps.com/oa_servlets/AppsLogin" target=_top (remove the web listener port)

    Clear the cache in this location:
    # sh $SCRIPT_TOP/adapcctl.sh stop (root user)
    # cd $COMMON_TOP/_pages
    # rm -f *
    # sh $SCRIPT_TOP/adapcctl.sh start (root user)

    Bounce all services once.
    If Apache does not start, try starting it as the root user, and check the Apache logs for the error.

    posted by Lokesh Babu @ 2:39 AM  