RRC UOB China
SETUP SSL
EPM & OBIEE
A. Preparation before SSL Setup
1. Stop All EPM Services (APP, WEB, DB & EPMA)
1) Open Directory:
[APP] /app/RRCCN/EPM/Middleware/user_projects/epmsystem1/bin
[DB] /app/RRCCN/Middleware/user_projects/epmsystem2/bin
[WEB] /app/RRCCN/Middleware/user_projects/epmsystem4/bin
Then :
$ ./stop.sh
Stop EPMA Services with Stop EPM System
2. Stop OBIEE Service
1) Open Directory:
/app/RRCCN/OBIEE/MiddlewareBI/user_projects/domains/bifoundation_domain/bin
Then :
$ ./stopManagedWebLogic.sh bi_server1
3. Stop All WebLogic (EPM & OBIEE)
1) For EPM (7001)
Open Directory:
/app/RRCCN/EPM/Middleware/user_projects/domains/EPMSystem/bin
Then :
$ ./stopWebLogic.sh
2) For OBIEE (7002)
Open Directory:
/app/RRCCN/OBIEE/MiddlewareBI/user_projects/domains/bifoundation_domain/bin
Then :
$ ./stopWebLogic.sh
B. Set Java Home Variable
JAVA_HOME=C:\Oracle\Middleware\jdk160_35
C. Create Wallet and Self Signed RootCert
1) Create Folder serverkey inside directory C:\Oracle\Middleware
2) Navigate to directory C:\Oracle\Middleware\oracle_common\bin
3) Create Wallet for RootCert Repo:
orapki wallet create -wallet C:\Oracle\Middleware\serverkey\rootca -pwd P@ssw0rd
[Refer to Credential Doc.xlsx]
4) Create the self-signed RootCert and add it to the Wallet:
orapki wallet add -wallet C:\Oracle\Middleware\serverkey\rootca -dn CN=PACN,OU=ITD,O=PA,L=Singapore,S=Singapore,C=Singapore -keysize 2048 -self_signed -validity 3650 -pwd P@ssw0rd
[Refer to Credential Doc.xlsx]
D. Create KeyStore
1) Create folder ssl_webserver to hold the keystore under directory C:\Oracle\Middleware\serverkey
2) Move to directory: C:\Oracle\Middleware\jdk160_35\bin
3) Then Generate the keystore:
keytool -genkey -alias HYP11124 -keyalg RSA -keystore C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks -keysize 2048
Enter keystore password as : [Refer to Credential Doc.xlsx] P@ssw0rd
Re-enter : [Refer to Credential Doc.xlsx] P@ssw0rd
Use as below details:
First and Last Name : HYP11124
Name of Organizational Unit : ITD
Name of Organization : PA
City or Locality : Singapore
State or Province : Singapore
Two-Letter Country Code : SG
Correct? Yes, then Enter to proceed
E. Generate Cert Request (CSR) from the KeyStore
1) Generate CSR from KeyStore :
keytool -certreq -alias HYP11124 -keystore C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks -file C:\Oracle\Middleware\serverkey\ssl_webserver\csr.HYP11124.txt
Enter Password KeyStore : [Refer to Credential Doc.xlsx] P@ssw0rd
F. Generate the Completed Cert from the CSR
1) Move to directory: C:\Oracle\Middleware\oracle_common\bin
orapki cert create -wallet C:\Oracle\Middleware\serverkey\rootca -request C:\Oracle\Middleware\serverkey\ssl_webserver\csr.HYP11124.txt -cert C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.txt -validity 3650
Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd
G. Export RootCert to a Text File
1) Export the RootCert to a text file:
orapki wallet export -wallet C:\Oracle\Middleware\serverkey\rootca -dn CN=PACN,OU=ITD,O=PA,L=Singapore,S=Singapore,C=Singapore -cert C:\Oracle\Middleware\serverkey\rootca.HYP11124.txt
password : P@ssw0rd
H. Import RootCert to KeyStore
1) Move to directory: C:\Oracle\Middleware\jdk160_35\bin
Import the RootCert Txt into KeyStore
keytool -import -trustcacerts -alias PACN -file C:\Oracle\Middleware\serverkey\rootca.HYP11124.txt -keystore C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks
Enter KeyStore Password : [Refer to Credential Doc.xlsx] P@ssw0rd
Trust Certificate : Yes
I. Import Cert into KeyStore
1) Import the Cert into KeyStore :
keytool -import -trustcacerts -alias HYP11124 -file C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.txt -keystore C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks
Enter KeyStore Password : [Refer to Credential Doc.xlsx] P@ssw0rd
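A check that can be run at this point, before the keystore is converted to a wallet in section J (added example, not part of the original procedure; the helper name Test-KeystoreChain and the sample keytool output are constructed for illustration). It confirms that alias HYP11124 is still a private-key entry, that it carries a chain of at least two certificates issued by CN=PACN, and that the root is present as a trusted entry.

```powershell
# Added example, not part of the original runbook. Test-KeystoreChain is a hypothetical helper name.
function Test-KeystoreChain {
    param([string[]]$Lines, [string]$ServerAlias, [string]$RootAlias, [string]$RootCN)
    # Group "keytool -list -v" output by alias; JKS stores aliases in lower case.
    $entries = @{}; $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Alias name:\s*(\S+)') {
            $current = $Matches[1].ToLower(); $entries[$current] = @()
        } elseif ($current) { $entries[$current] += $line }
    }
    $problems = @()
    $server = $entries[$ServerAlias.ToLower()]
    $root   = $entries[$RootAlias.ToLower()]
    if (-not $entries.ContainsKey($ServerAlias.ToLower())) {
        $problems += "alias $ServerAlias is missing"
    } else {
        # trustedCertEntry here means the signed cert is stored without the private key.
        if (-not ($server -match '^Entry type:\s*PrivateKeyEntry')) { $problems += "$ServerAlias is not a PrivateKeyEntry" }
        # Chain length 1 means the entry still holds the self-signed certificate from -genkey.
        $len = 0
        foreach ($l in $server) { if ($l -match '^Certificate chain length:\s*(\d+)') { $len = [int]$Matches[1] } }
        if ($len -lt 2) { $problems += "$ServerAlias chain length is $len, expected at least 2" }
        # The first Issuer line in the block belongs to Certificate[1], the server certificate.
        $issuer = $server | Where-Object { $_ -match '^Issuer:' } | Select-Object -First 1
        if ($issuer -notmatch ('CN=' + [regex]::Escape($RootCN) + '\b')) { $problems += "$ServerAlias was not issued by CN=$RootCN" }
    }
    if (-not ($root -match '^Entry type:\s*trustedCertEntry')) { $problems += "$RootAlias is not a trustedCertEntry" }
    return $problems
}
# Constructed sample of "keytool -list -v" output, trimmed to the fields the check reads.
$sample = @'
Alias name: hyp11124
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=HYP11124, OU=ITD, O=PA, L=Singapore, ST=Singapore, C=SG
Issuer: CN=PACN, OU=ITD, O=PA, L=Singapore, ST=Singapore, C=Singapore
Certificate[2]:
Owner: CN=PACN, OU=ITD, O=PA, L=Singapore, ST=Singapore, C=Singapore
Issuer: CN=PACN, OU=ITD, O=PA, L=Singapore, ST=Singapore, C=Singapore
Alias name: pacn
Entry type: trustedCertEntry
Owner: CN=PACN, OU=ITD, O=PA, L=Singapore, ST=Singapore, C=Singapore
'@ -split '\r?\n'
# Against the real keystore (keytool prompts for the keystore password):
#   $sample = & 'C:\Oracle\Middleware\jdk160_35\bin\keytool.exe' -list -v -keystore 'C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks'
$problems = @(Test-KeystoreChain -Lines $sample -ServerAlias 'HYP11124' -RootAlias 'PACN' -RootCN 'PACN')
if ($problems.Count -eq 0) { 'Keystore chain OK' } else { $problems }
```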
J. Convert KeyStore to The Wallet
1) Create another Wallet (wallet.HYP11124)
2) Go to C:\Oracle\Middleware\oracle_common\bin
orapki wallet create -wallet C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124
Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd
Re-Enter Password : [Refer to Credential Doc.xlsx] P@ssw0rd
3) Convert KeyStore to Wallet
orapki wallet jks_to_pkcs12 -wallet C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124 -keystore C:\Oracle\Middleware\serverkey\ssl_webserver\HYP11124.jks
Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd
Enter KeyStore (JKS) Password : [Refer to Credential Doc.xlsx] P@ssw0rd
K. Configure Wallet Manager
1) Open the wallet manager from start menu :
2) Choose Wallet and Open.
3) Choose Yes.
4) Choose the Wallet that was converted from the KeyStore (JKS) earlier, as below.
C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124.sg.uobnet.com
5) Enter Wallet Password : [Refer to Credential Doc.xlsx] P@ssw0rd
6) The RootCert and Cert are already present in the wallet.
7) Choose Wallet and tick the Auto Login check box
8) Then Click SAVE
L. Backup OHS Files Setup (Original After EPMA)
Back up the existing SSL.CONF, MOD_WL_OHS.CONF and HTTPD.CONF files in:
C:\Oracle\Middleware\user_projects\epmsystem1\httpConfig\ohs\config\OHS\ohs_component
1) Back up SSL.CONF, MOD_WL_OHS.CONF and HTTPD.CONF as below
M. OHS Files Setup
Open Directory
C:\Oracle\Middleware\user_projects\epmsystem1\httpConfig\ohs\config\OHS\ohs_component
1. SSL.CONF
1) Open ssl.conf in a text editor
Make sure the OHS Listen port is:
Listen 19443
2) Make sure the following directives are present:
---------------------------------------------------------------------
NameVirtualHost HYP11124:19443
<VirtualHost HYP11124:19443>
<IfModule ossl_module>
---------------------------------------------------------------------
-------------------------------------------------------------------
#Path to the wallet
SSLWallet "C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124"
SSLProxyWallet "C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124"
--------------------------------------------------------------------
File attached
ssl.conf
2. MOD_WL_OHS.CONF
1) Open the mod_wl_ohs.conf.
2) Make Sure the below is added :
WLSSLWallet C:\Oracle\Middleware\serverkey\ssl_webserver\wallet.HYP11124
SecureProxy ON
------------------------------------------------------------------------
3) Change the port and add WLProxySSL ON and PathTrim / as below (follow the red boxes).
Note: Some locationMatch is not visible here. I have added /analytics in
mod_wl_ohs.conf file above also
File attached :
mod_wl_ohs.conf
3. HTTPD.CONF
$ vi httpd.conf
Change the Port Listen (Red Box):
Listen 8080
1) Un-Comment (Erase #) the below Line:
2) Comment (Add #) in below line
File attached :
httpd.conf