Tuesday, June 4, 2013

Implementing SSL for Discoverer 10g

Implementing SSL for Discoverer 10g


One of the things that you would require to do after an SSL implementation in Oracle Applications is to implement SSL in your Discoverer instance as well.

To use discoverer with Oracle Applications, you must integrate discoverer 10g wihch comes bundled with the 10 g application server.


Middle Tier SSL Only

As mentioned in my earlier posts the 10 application server comes with the infrastructure Tier and middle tier products. The  discoverer is a part of the middle tier products. While implementing SSL with Discoverer it is not required to implement SSL on the infrastructure also. Its sufficient to have SSL implementation in your middle tier.in other word infrastructure SSL is

optional.


Current Architecture

Oracle Applications 11.5.10.2 with SSL

Oracle Applications Server 10g

Oracle Discoverer 10g Integrated With Oracle Applications

Operating System Sun Solaris 5.8 64 bit


Oracle Wallet and Certificate Provisioning

To implement the SSL on the middle tier we would need an Oracle Wallet. You have the option to use the default wallet or  create your own wallet. Here we choose to create a new wallet.


To implement SSL for the discoverer you can either provision new certificates or you can use the certificates from our Oracle  Applications instance.

In the current scenario we will be using the existing certificate from the Oracle Applications.


Set you environment to the 10g middle tier

export ORACLE_HOME=/d01/sam/Mid10g

export PATH=$ORACLE_HOME/bin:$PATH

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib


Create a wallet dir in your ORACLE_HOME

cd $ORACLE_HOME

mkdir wallet


Copy Certificate from your Oracle Applications 

Copy the following cert files from your application tier to your wallet directory (in my case it was a same server you might have to do a binary FTP)

cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/server.crt /d01/sam/Mid10g/wallet/

cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/ca.crt /d01/sam/Mid10g/wallet/

cp $COMMON_TOP/admin/certs/apache/certs/apache/ssl.crt/server.key /d01/sam/Mid10g/wallet/


Convert Certificates

Execute the follwoing from the wallet directory to convert the certificates

$ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ./server.crt -key ./server.key -cafile ./ca.crt -wallet . -ssowallet yes


This will create two new files in your wallet

-rw-r–r–   1 sammid  dba         6697 Aug  6 10:57 ewallet.p12

-rw——-   1 sammid  dba         7441 Aug  6 10:57 cwallet.sso


Run SSL Config

Run the SSL config tool to configure SSL for your middle tier discoverer


SSLConfigTool -config_w_default -secure_admin -opwd <orcladmin password> -ptl_inv_pwd <password>


ssl.conf Change

You must set the Listen and Port directives manually to be the same as this does not get updated as a part of the SSLConfigTool.


Update the repository for DCM

Update the distributed cluster repository using

$ORACLE_HOME/dcm/bin/dcmctl updateConfig -v -d


Set up Secure Tunneling Communication

Log on to the Enterprise Manager IAS Console and navigate to

Server->Discoverer->Discoverer Plus->Communication Protocol and choose ‘Secure Tunneling’ option.



Oracle Applications Profile Options.

Make sure the following profile options in Oracle Application reffer to the correct port and protocol (HTTPS)

ICX_DISCOVERER_LAUNCHER

ICX_DISCOVERER_VIEWER_LAUNCHER

ICX_DISCOVERER_PARAMETERS



Implementing SSL for Discoverer 10g

No comments:

Post a Comment