Implementing SSL for Discoverer 10g
One of the things you will need to do after implementing SSL in Oracle Applications is to implement SSL in your Discoverer instance as well.
To use Discoverer with Oracle Applications, you must integrate Discoverer 10g, which comes bundled with the 10g Application Server.
Middle Tier SSL Only
As mentioned in my earlier posts, the 10g Application Server comes with the infrastructure tier and middle tier products. Discoverer is part of the middle tier products. When implementing SSL with Discoverer, it is not required to implement SSL on the infrastructure as well. It is sufficient to have SSL implemented in your middle tier; in other words, infrastructure SSL is optional.
Current Architecture
Oracle Applications 11.5.10.2 with SSL
Oracle Application Server 10g
Oracle Discoverer 10g Integrated With Oracle Applications
Operating System Sun Solaris 5.8 64 bit
Oracle Wallet and Certificate Provisioning
To implement SSL on the middle tier we need an Oracle Wallet. You have the option to use the default wallet or create your own wallet. Here we choose to create a new wallet.
To implement SSL for Discoverer you can either provision new certificates or use the certificates from your Oracle Applications instance.
In the current scenario we will be using the existing certificate from Oracle Applications.
Set your environment to the 10g middle tier
export ORACLE_HOME=/d01/sam/Mid10g
export PATH=$ORACLE_HOME/bin:$PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
Create a wallet dir in your ORACLE_HOME
cd $ORACLE_HOME
mkdir wallet
Copy Certificate from your Oracle Applications
Copy the following cert files from your application tier to your wallet directory (in my case it was the same server; otherwise you might have to do a binary FTP)
cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/server.crt /d01/sam/Mid10g/wallet/
cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/ca.crt /d01/sam/Mid10g/wallet/
cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/server.key /d01/sam/Mid10g/wallet/
Convert Certificates
Execute the following from the wallet directory to convert the certificates
$ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ./server.crt -key ./server.key -cafile ./ca.crt -wallet . -ssowallet yes
This will create two new files in your wallet
-rw-r--r-- 1 sammid dba 6697 Aug 6 10:57 ewallet.p12
-rw------- 1 sammid dba 7441 Aug 6 10:57 cwallet.sso
Run SSL Config
Run the SSL config tool to configure SSL for your middle tier discoverer
SSLConfigTool -config_w_default -secure_admin -opwd <orcladmin password> -ptl_inv_pwd <password>
ssl.conf Change
You must set the Listen and Port directives in ssl.conf to the same value manually, because SSLConfigTool does not update them.
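One way to confirm that Listen and Port agree before restarting, as an added example that is not part of the original post. The function name and the port numbers in the sample are constructed, and a POSIX awk (nawk on Solaris) and mktemp are assumed:

```shell
#!/bin/sh
# Added example: verify that Listen and Port in ssl.conf carry the same port.
# Returns 0 when they agree, 1 on mismatch or a missing directive, 2 if unreadable.
check_ssl_ports() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Listen may be "Listen 4443" or "Listen host:4443"; keep the last ":" field.
    listen=$(awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$conf" | sort -u)
    # Port takes a bare number. Commented lines never match because $1 starts with "#".
    port=$(awk 'tolower($1) == "port" { print $2 }' "$conf" | sort -u)

    if [ -z "$listen" ] || [ -z "$port" ]; then
        echo "MISSING: Listen='$listen' Port='$port'" >&2
        return 1
    fi
    if [ "$listen" != "$port" ]; then
        echo "MISMATCH: Listen=$(echo $listen) Port=$(echo $port)" >&2
        return 1
    fi
    echo "OK: Listen and Port both use $(echo $listen)"
}

# Constructed sample input (port numbers are made up for the demonstration).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
# Port 80
Listen 4443
<VirtualHost _default_:4443>
    Port 4443
</VirtualHost>
EOF
# Same file with the Port directive left at a different value.
sed 's/Port 4443/Port 4444/' "$demo_dir/good.conf" > "$demo_dir/bad.conf"

check_ssl_ports "$demo_dir/good.conf" || echo "unexpected failure"
check_ssl_ports "$demo_dir/bad.conf" || echo "fix ssl.conf before restarting"
rm -rf "$demo_dir"
```

Against a real instance, pass the path of the middle tier's ssl.conf as the only argument.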
Update the repository for DCM
Update the distributed cluster repository using
$ORACLE_HOME/dcm/bin/dcmctl updateConfig -v -d
Set up Secure Tunneling Communication
Log on to the Enterprise Manager IAS Console and navigate to
Server->Discoverer->Discoverer Plus->Communication Protocol and choose the ‘Secure Tunneling’ option.
Oracle Applications Profile Options
Make sure the following profile options in Oracle Applications refer to the correct port and protocol (HTTPS)
ICX_DISCOVERER_LAUNCHER
ICX_DISCOVERER_VIEWER_LAUNCHER
ICX_DISCOVERER_PARAMETERS