Enabling SSL for Oracle Application Server 10g

Introduction

This short post is to show you how we can enable SSL for application server console.

Concept

Application server console uses the management agents to get the real time information about the various components installed on the server. The agents run on the host and continuously monitor the usage. Agents passes on the required matrix information to Application server console. For there there should be a connection between the management agents running on the host and the application server console (Which is a J2EE application deployed on stand alone OC4J instance). This connection is a insecure HTTP connection as shown in the below figure.

As you can see Management agents talks to application server instance / components using insecure HTTP protocol to get the current status and performance matrix values and these values are returned to Application Server console. Also application server console uses DCM to configure various components and hence connection exists between the two as well.

Clients or the users, uses web browsers to connection AS console. This again is done using insecure HTTP protocol.

We can secure the protocol between web browsers – AS console and also between AS console – Management Agents. The above figure gets modified as shown below.

Here you can see that there is a secured protocol HTTPS exists between web browsers and AS console and also between AS console and management agents. This can be done using the simple command as shown below.

1) You can login to the infra tier of AS 10g and go to ORACLE_HOME/bin

2) Run command

./emctl stop iasconsole
Oracle Enterprise Manager 10g Application Server Control Release 10.1.2.0.2
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.
http://appserv1.acme.com:1811/emd/console/aboutApplication
Stopping Oracle Enterprise Manager 10g Application Server Control …  …
Stopped.

./emctl secure iasconsole
Oracle Enterprise Manager 10g Application Server Control Release 10.1.2.0.2
Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.
http://appserv1.acme.com:1811/emd/console/aboutApplication
Generating Standalone Console Root Key (this takes a minute)…   Done.
Fetching Standalone Console Root Certificate…   Done.
Generating Standalone Console Agent Key…   Done.
Storing Standalone Console Agent Key…   Done.
Generating Oracle Wallet for the Standalone Console Agent…   Done.
Configuring Agent for HTTPS…   Done.
EMD_URL set in /dsk02/oracle/appserv1/sysman/config/emd.properties
Generating Standalone Console Java Keystore…   Done.
Configuring the website …   Done.
Updating targets.xml …    Done.

./emctl start iasconsole

3) Execute the above steps to mid tier as well.

Once above steps are completed you can access the same AS console page using HTTPS prototype. The hostname and port remains same.

Hope this helps !!

References:

Oracle Online Docs

Advertisements

2 thoughts on “Enabling SSL for Oracle Application Server 10g

  1. Best Answer for SSL Technical info.
    Thanks a lot for giving such good technical information about SSL configuration.

    Thanks & Regards
    Mohammed Khalid

  2. I didn’t know you can do this with a SSL certificate. Is this a special type of certificate or it doesn’t matter? I’m asking because I bought mine from an UK registrar and the domain I will be using it on is targetted for the US.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s