OAM SSL 11.1.2.3 with EBS 12.1.3


OAM SSL 11.1.2.3 with EBS 12.1.3

yaser
I was reading your article about the above subject here:
http://ermanarslan.blogspot.com/2016/10/oamebs-enable-ssl-in-oam-11g.html

Can you please provide more details about the steps?
Which Oracle Metalink note did you follow?


I have a load balancer and it redirects to https 4443 (OAM), and this should be redirected to open EBS (443).
What are the minimum steps to be done?
Should I have a certificate?

Re: OAM SSL 11.1.2.3 with EBS 12.1.3

ErmanArslansOracleBlog
Administrator
If you want to have an SSL configuration then yes, you have to have an SSL certificate signed by a certified authority.
It depends on the way that you configure your SSL.
If you want to use a load balancer and want it to do all the SSL work (SSL offloading), then you should implement SSL on the load balancer side.
However, if you want a full path SSL setup, then you need to implement SSL on all the components, including OAM, EBS's Oracle HTTP Server and EBS WLS managed servers.

So the minimum steps change accordingly.

Re: OAM SSL 11.1.2.3 with EBS 12.1.3

yaser
Thanks for the answer. May I have the detailed steps to configure SSL on OAM? (I have all the rest.)

On Sunday, April 21, 2019, 3:41:09 PM GMT+3, ErmanArslansOracleBlog [via Erman Arslan's Oracle Forum] <[hidden email]> wrote:


If you want to have an SSL configuration then yes, you have to have an SSL certificate signed by a certified authority.
It depends on the way that you configure your SSL.
If you want to use a load balancer and want it to do all the SSL work (SSL offloading), then you should implement SSL on the load balancer side.
However, if you want a full path SSL setup, then you need to implement SSL on all the components, including OAM, EBS's Oracle HTTP Server and EBS WLS managed servers.

So the minimum steps change accordingly.



Re: OAM SSL 11.1.2.3 with EBS 12.1.3

ErmanArslansOracleBlog
Administrator
Hi,
To configure TLS (SSL): configure SSL/TLS between Webgate and Access Manager + EBS itself.
      - For Webgate and Access Manager:
         Ref: Oracle Fusion Middleware Administrator's Guide for Oracle Access Management: Securing Communication Between OAM Servers and WebGates - Securing Communication provides instructions on how to secure communications between Oracle Access Manager 11g and WebGates.

Also, here is some detailed info for you ->

There are multiple ways of enabling SSL in OAM 11g; I preferred to accomplish it in the following way:

First I created an Oracle wallet by sourcing the OAM environment file and using owm. (I prefer creating a wallet, because we are used to it.)
Then, I created a certificate request using the wallet I created. (I used the details that my customer delivered to me for inputs.)
After creating the certificate request, I exported it and sent it to the customer to get the server, root and intermediate (if available) certificates.
I imported the customer's certificates into the wallet once I got them. (Note that the certificate format should be base 64, X.509 format, .cer files...)
Later on, I converted the wallet to a JKS (Java keystore), as FMW uses JKS. Example: source the OAM env and run ->
$MW_HOME/oracle_common/bin/orapki wallet pkcs12_to_jks -wallet ./mywallet -pwd welcome1 -jksKeyStoreLoc ./mywalletK.jks -jksKeyStorepwd welcome1 -jksTrustStoreLoc ./mywallettrust.jks -jksTrustStorepwd welcome1
After that, I jumped into the WebLogic console and did all the SSL configuration needed there:
Select Environment->Servers and click on the OAM managed server
Then Select the Keystores tab
Select Keystore -> Change
Select Custom Identity and Custom Trust from the drop-down list and click Save
Enter the relevant information in the Keystores page:
Custom Identity Keystore : full path of the .jks file
Custom Identity Keystore Type : JKS (UPPERCASE)
Custom Identity Keystore Passphrase : welcome1
Confirm Custom Identity Keystore Passphrase : welcome1
Custom Trust Keystore : full path of the trust store .jks file
Custom Trust Keystore Type : JKS (UPPERCASE)
Custom Trust Keystore Passphrase : welcome1
Confirm Custom Trust Keystore Passphrase : welcome1
Click Save
After that, select the SSL tab and enter the following:
Private Key Alias : alias of the server cert, gathered using keytool from the jks that was created earlier; it was orakey in my case
Private Key Password : welcome1
Confirm Private Key Password: welcome1
Click Save
Again, select Environment -> Servers and click on the OAM managed server
Select the General tab;
Check SSL Listen Port Enabled
Change SSL Listen Port according to your env: in my case, 14443 (use netstat to ensure that it is free)
Click 'Save'
Then I opened the oamconsole using adminserver:adminport/oamconsole and did the OAM Server port change (OAM port - ssl port) and OAM Server host change (https) as documented in "https://docs.oracle.com/cd/E52734_01/oim/IDMIG/idm_ssl.htm#IDMIG32029", Section 4.2 Configuring SSL on Servers in the OAM Domain -- note that if you don't do that, EBS login will still be redirected to the non-ssl OAM login page.
Lastly, restart the OAM managed server and Admin Server (just in case; remember, it is the OAM Admin server that redirects to the OAM managed server during the EBS login).
You may need to reregister EBS using txkrun.pl, but it should be necessary. Just in case, keep that in mind.
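
A pre-flight check for the keystore steps above, as an added example that is not part of the original post: it reads `keytool -list` output for the identity and trust stores and confirms that the Private Key Alias is a PrivateKeyEntry and that the trust store holds at least one trustedCertEntry. The sample listings and the trust-store alias names are constructed; the .jks file names and the orakey alias come from the post.

```shell
#!/bin/sh
# Added example. Real input would come from (keytool prompts for the password):
#   keytool -list -keystore ./mywalletK.jks
#   keytool -list -keystore ./mywallettrust.jks

# entry_type ALIAS: reads a keytool listing on stdin, prints ALIAS's entry type.
# Entry lines look like "<alias>, <date>, <EntryType>," and the date has a comma.
entry_type() {
    awk -F', *' -v want="$1" '
        NF >= 3 && tolower($1) == tolower(want) {
            t = $NF; if (t == "") t = $(NF - 1)   # trailing comma leaves an empty last field
            print t; exit
        }'
}

# count_trusted: number of trustedCertEntry lines in a listing on stdin.
count_trusted() {
    awk '/, *trustedCertEntry,? *$/ { n++ } END { print n + 0 }'
}

# check_keystores IDENTITY_LISTING TRUST_LISTING ALIAS: 0 if consistent, else 1.
check_keystores() {
    rc=0
    etype=$(printf '%s\n' "$1" | entry_type "$3")
    case $etype in
        PrivateKeyEntry) ;;
        '') echo "identity store: alias '$3' not found"; rc=1 ;;
        *)  echo "identity store: '$3' is $etype, not a private key"; rc=1 ;;
    esac
    n=$(printf '%s\n' "$2" | count_trusted)
    if [ "$n" -eq 0 ]; then
        echo "trust store: no trustedCertEntry (root/intermediate missing)"; rc=1
    fi
    return $rc
}

# Constructed sample listings (fingerprints replaced by placeholders).
SAMPLE_IDENTITY='Your keystore contains 1 entry

orakey, Apr 21, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>'
SAMPLE_TRUST='Your keystore contains 2 entries

rootca, Apr 21, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
intermediateca, Apr 21, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

check_keystores "$SAMPLE_IDENTITY" "$SAMPLE_TRUST" orakey && echo "keystores look consistent"
```

Running the check before the WebLogic restart catches an alias that does not match the identity keystore, or a trust store that lacks the root or intermediate certificate, before the managed server tries to bring up its SSL listener.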