Below are the high-level technical steps on how to enable TLS for EBS 12.2:
- Create a wallet for the Oracle HTTP Server.
- Import the certificate into the wallet.
- Configure the Oracle HTTP Server to use TLS.
- Restart the Oracle HTTP Server.
Create a wallet for the Oracle HTTP Server
- Log in to the Oracle HTTP Server as the root user.
- Navigate to the
<FMW_HOME>/webtier/config/OHS/ssldirectory. - Create a new file called
server.jks. - Run the following command to generate a keystore password:
keytool -genkey -alias server -keystore server.jks -storepass password
- Enter a password for the keystore.
- Click Enter.
- Enter the distinguished name for the server.
- Click Enter.
- Click Enter to accept the default values for the other fields.
Import the certificate into the wallet
- Copy the certificate file to the
<FMW_HOME>/webtier/config/OHS/ssldirectory. - Run the following command to import the certificate into the wallet:
keytool -import -alias server -file certificate.crt -keystore server.jks -storepass password
Replace certificate.crt with the name of the certificate file.
Configure the Oracle HTTP Server to use TLS
- Edit the
<FMW_HOME>/webtier/config/OHS/httpd.conffile. - Add the following lines to the file:
SSLEngine on
SSLCertificateFile server.jks
SSLCertificateKeyFile server.jks
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4
- Save the file.
Restart the Oracle HTTP Server
- Stop the Oracle HTTP Server.
- Start the Oracle HTTP Server.
Once you have completed these steps, TLS will be enabled for Oracle EBS 12.2.
Here are some additional things to keep in mind:
- You need to have a valid certificate in order to enable TLS. You can obtain a certificate from a certificate authority (CA).
- You need to configure the Oracle HTTP Server to use the correct cipher suites. Cipher suites are used to encrypt the data that is transferred between the client and the server.
- You need to restart the Oracle HTTP Server after you have made changes to the configuration.
