1. Set
Your Environment
========================
DB Tier
Navigate
to the $INST_TOP/ora/10.1.3 and
source the .env file to set your 10.1.3 ORACLE_HOME variables
source the .env file to set your 10.1.3 ORACLE_HOME variables
2.
Create a wallet using owm
backup
up the existing wallet under $INST_TOP/certs/Apache
3.
Create a Certificate Request
Enter
all the orginazations details.
4.
Submit the Certificate Request to a Certifying Authority
5.
Import your Server Certificate to the Wallet
6. Update
the JDK Cacerts File under $OA_JRE_TOP/lib/security using keytool
7.
Update the Context File variables.
s_url_protocol
http to https.
s_local_url_protocol
http to https.
s_webentryurlprotocol
http to https.
s_active_webport
same as s_webssl_port.
s_webssl_port
default is 4443.
s_https_listen_parameter
same as s_webssl_port.
s_help_web_agent
url constructed constructed with https protocol and s_webssl_port.
s_login_page
url constructed with https protocol and s_webssl_port.
s_external_url
url constructed with https protocol and s_webssl_port.
8. Run
Autoconfig.
9.
Create a directory wallet under $ORACLE_HOME/appsutil and copy the certificates
under this directory.
For
detailed steps you may refer to Enabling SSL in Oracle E-Business Suite Release
12 [ID 376700.1]
========================
Attach
certs in QC wallet use wallet from amxq01cm01a and copy files to cm01b and
ap01a and ap01b
Apps Tier
Import
certs to Apache Wallet
·
cd $INST_TOP/ora/10.1.3
·
set 10.1.3 env
·
cd $INST_TOP/certs/Apache
·
owm &
·
Wallet Password is apps password.
After
importing certs copy from apache to opmn
·
cp $INST_TOP/certs/Apache/ewallet.p12 $INST_TOP/certs/opmn
·
cp $INST_TOP/certs/Apache/cwallet.sso $INST_TOP/certs/opmn
Importing
to cacerts using keytool
·
cd $OA_JRE_TOP/lib/security
·
savefile cacerts
·
example below and password changeit
o keytool
-import -alias officedepotroot_test -file
/stage/naresh/fprd_certs/verisignRoot.cer -trustcacerts -v -keystore cacerts --
already in keytool
Here
are the details of the Turkey e-Invoice CR. We are backing up the current
wallet, removing it and creating a new one with the new certificate. There
is a test script that is run after the CR to ensure that a connection can be
made successfully with the new certificate.
Login
as oracle on each production exadata database server and set the environment
oprd
cd
$ORACLE_HOME/owm/wallets/oracle
mkdir
oprd_wallet_bkup1
cp
$ORACLE_HOME/owm/wallets/oracle/*
$ORACLE_HOME/owm/wallets/oracle/oprd_wallet_bkup1
rm
$ORACLE_HOME/owm/wallets/oracle/*
Copy
the certificate attached to the SR (Base64.zip) and unzip it to
$ORACLE_HOME/owm/wallets/oracle
The
password for the wallet is set as a Profile Option "EFA: Wallet
Password" defaulted to welcome123
orapki
wallet create -wallet $ORACLE_HOME/owm/wallets/oracle -pwd welcome123
-auto_login
orapki
wallet add -wallet $ORACLE_HOME/owm/wallets/oracle -trusted_cert -cert
"$ORACLE_HOME/owm/wallets/oracle/Base64.cer" -pwd welcome123
To
test the new certificate please run the attached OPRD_Test_Script.sql as APPS
and it should return "PL/SQL procedure successfully completed."
Back-out
Plan:
On
both Exadata database servers:
cp
$ORACLE_HOME/owm/wallets/oracle/oprd_wallet_bkup1
$ORACLE_HOME/owm/wallets/oracle
The
attached test script checks that a connection can be made with the new
certificate:
declare
l_url varchar2(1000) := 'https://connector.efinans.com.tr';
l_http_request utl_http.req;
l_http_response utl_http.resp;
begin
--
Make a HTTP request and get the response.
UTL_HTTP.SET_WALLET('file:/u01/app/oracle/product/12.1.0.2/OPRD/owm/wallets/oracle',
'welcome123'); --Change wallet address/password acc.to your needs
l_http_request := utl_http.begin_request(l_url);
l_http_response := utl_http.get_response(l_http_request);
utl_http.end_response(l_http_response);
end;
No comments:
Post a Comment