This article provides a step-by-step guide on how to create and manage SSL/TLS wallets using Orapki to secure your Oracle HTTP Server. The article explains what an SSL/TLS wallet is and how it is used with Oracle HTTP Server to establish secure connections over HTTPS.
Follow the instructions to configure OHS with SSL and a wallet file, including converting a JKS keystore file to a PKCS12 wallet and editing the ssl.conf file.
What is a “Wallet” for Oracle HTTP Server with orapki?
A “Wallet” for Oracle HTTP Server with orapki refers to a file that contains the digital certificates and private keys needed to establish secure connections using SSL/TLS. Oracle HTTP Server is a web server component of Oracle Fusion Middleware that supports HTTPS, and orapki is a command-line utility that can be used to manage SSL/TLS certificates and keys.
To use SSL/TLS with Oracle HTTP Server, you typically need to create a wallet using the orapki command-line utility. The wallet is a file that contains the SSL/TLS certificates and private keys, as well as any trusted CA certificates needed to validate remote server certificates.
You can use orapki to create a new wallet, add certificates and private keys to an existing wallet, and manage the wallet’s contents. Once you have created a wallet, you can configure Oracle HTTP Server to use it to establish secure connections over HTTPS.
Create a Wallet for Oracle HTTP Server with orapki
Configure OHS with SSL and a wallet file
To configure OHS with SSL and a wallet file, follow these steps:
1. Begin by creating the necessary wallet directory and files using:
$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet $DOMAIN_HOME/walletname -pwd password -auto_login
2. Next, convert the JKS keystore file to a PKCS12 wallet using orapki. You can refer to our guide on configuring a JKS Keystore for detailed instructions.
$ORACLE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet $DOMAIN_HOME/walletname -pwd password -keystore $DOMAIN_HOME/keystorename.jks -jkspwd passwordforjks
3. Now, you must include this file in the OHS ssl.conf configuration file. To do so, simply edit the file via the web console at http://ohsserver:7001/em.
OHS Advanced Configuration
Begin by clicking on the “Advanced Configuration” option for OHS.
Edit the ssl.conf file
Next, proceed to edit the ssl.conf file:
Finally, restart all services and check the OHS log for any errors.
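A preflight check to run before the restart in the final step, as an added example that is not part of the original article: it reads the wallet path from ssl.conf and confirms that the auto-login wallet files exist and are not accessible to group or other. The function names are hypothetical, and it assumes the wallet is referenced with the SSLWallet directive as a literal directory path.

```shell
#!/usr/bin/env bash
# Preflight check for an OHS wallet referenced from ssl.conf (added example).
# Assumption: SSLWallet holds a literal directory path (no ${VAR} references).
# Usage: check_wallet /path/to/ssl.conf

# Print the directory named by the first uncommented SSLWallet directive.
wallet_dir_from_conf() {
  sed -n 's/^[[:space:]]*SSLWallet[[:space:]]\{1,\}//p' "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e 's/^file://'
}

# Return 0 if the wallet is present and private; otherwise print findings, return 1.
check_wallet() {
  conf=$1
  dir=$(wallet_dir_from_conf "$conf")
  [ -n "$dir" ] || { echo "FAIL: no SSLWallet directive in $conf"; return 1; }
  case $dir in
    *'${'*) echo "FAIL: cannot resolve variable in $dir"; return 1 ;;
  esac
  [ -d "$dir" ] || { echo "FAIL: wallet directory $dir does not exist"; return 1; }
  rc=0
  # -auto_login writes cwallet.sso next to ewallet.p12. cwallet.sso can be
  # opened without the wallet password, so file permissions are its only guard.
  for f in cwallet.sso ewallet.p12; do
    [ -f "$dir/$f" ] || { echo "FAIL: $dir/$f is missing"; rc=1; }
  done
  # Any group or other permission bit on a wallet file is a finding.
  loose=$(find "$dir" -type f \( -name cwallet.sso -o -name ewallet.p12 \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \))
  if [ -n "$loose" ]; then
    echo "FAIL: group/other access on: $loose"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $dir"
  return "$rc"
}
```

Run it as the OS user that owns the OHS instance, since a wallet that user cannot read will also fail at startup.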