Configuring SSL in Oracle Fusion Middleware 6-17 3. Edit the Oracle HTTP Server configuration file INSTANCE_ HOMEconfigOHSohs1ssl.conf and add the following line to the SSL configuration under mod_weblogic: WlSSLWallet ORACLE_INSTANCE}configCOMPONENT_TYPECOMPONENT_ NAMEkeystoresdefault where default is the name of the Oracle HTTP Server wallet in Step 2. Here is an example of how the configuration should look: IfModule mod_weblogic.c WebLogicHost myweblogic.server.com WebLogicPort 7002 MatchExpression .jsp SecureProxy On WlSSLWallet ORACLE_INSTANCEconfigOHSohs1keystoresdefault IfModule Save the file and exit. 4. On Windows platforms only, open Windows Explorer and navigate to your cwallet.sso file. Under properties, security, add SYSTEM in group or user names. 5. Restart Oracle HTTP Server to activate the changes. 6. Ensure that your Oracle WebLogic Server instance is configured to use the custom keystore generated in Step 1, and that the alias points to the alias value used in generating the certificate. Restart the Oracle WebLogic Server instance. mod_wl_ohs also supports two-way SSL communication. To configure two-way SSL: 1. Perform Steps 1 through 4 of the preceding procedure for one-way SSL. 2. Generate a trust store, trust.jks, for Oracle WebLogic Server. The keystore created for one-way SSL Step 1 of the preceding procedure could also be used to store trusted certificates, but it is recommended that you create a separate truststore for this procedure. 3. Export the user certificate from the Oracle HTTP Server wallet, and import it into the truststore created in Step 2. You can use any available utility such as WLST or Fusion Middleware Control for export, and the keytool utility for import. 4. From the Oracle WebLogic Server Administration Console, select the Keystores tab for the server being configured. 5. Set the custom trust store with the trust.jks file location of the trust store that was created in Step 2 use the full name. 6. Set the keystore type as JKS, and set the passphrase used to create the keystore. 7. Under the SSL tab, ensure that Trusted Certificate Authorities is set as from Custom Trust Keystore .

6.5 Configuring SSL for the Middle Tier

Using SSL in the middle tier includes: ■ SSL-enabling the application server ■ SSL-enabling components and applications running on the application server