Enable Outbound SSL for Oracle Web Cache Using Fusion Middleware Control

Oracle Fusion Middleware Administrator's Guide: Configuring SSL in Oracle Fusion Middleware

This page shows what hosts are currently configured, and whether they are configured for http or https.

4. Select the virtual host you wish to update, and click Configure, then SSL Configuration. The SSL Configuration page appears.

5. You can convert an https port to http by simply unchecking Enable SSL.

   To configure SSL for a virtual host that is currently using http:

   ■ Check the Enable SSL box.
   ■ Select a wallet from the drop-down list.
   ■ From the Server SSL properties, select the SSL authentication type, cipher suites to use, and the SSL protocol version.

   Note: The default values are appropriate in most situations.

6. Click OK to apply the changes.

7. On Windows platforms only, open Windows Explorer and navigate to your cwallet.sso file. Under properties, security, add SYSTEM in group or user names.

8. Restart the Oracle HTTP Server instance by navigating to Oracle HTTP Server, then Control, then Restart.

9. Open a browser session and connect to the port number that was SSL-enabled.

6.4.3.2 Enable SSL for Inbound Requests to Oracle HTTP Server Virtual Hosts Using WLST

Take these steps:

1. Determine the virtual hosts for this Oracle HTTP Server instance by running the following command:

       listListeners('inst1','ohs1')

   This command lists all the virtual hosts for this instance; select the one that needs to be configured for SSL. For example, you can select vhost1.

2. Configure the virtual host with SSL properties:

       configureSSL('inst1', 'ohs1', 'ohs', 'vhost1')

3. On Windows platforms only, open Windows Explorer and navigate to your cwallet.sso file. Under properties, security, add SYSTEM in group or user names.

6.4.3.3 Enable SSL for Outbound Requests from Oracle HTTP Server

You enable SSL for outbound requests from Oracle HTTP Server by configuring mod_wl_ohs. The steps are as follows:

1. Generate a custom keystore for Oracle WebLogic Server (see Section 6.5.1, "Configuring SSL for Oracle WebLogic Server") containing a certificate.

2. Import the certificate used by Oracle WebLogic Server from Step 1 into the Oracle HTTP Server wallet as a trusted certificate. You can use any available utility such as WLST or Fusion Middleware Control for this task.

   Note: The choice of authentication type determines the available cipher suites, and the selected cipher suites determine the available protocol versions. For more information about ciphers and protocol versions, see Section 6.9.28, "Properties Files for SSL".

   Note:
   ■ configureSSL uses defaults for all SSL attributes; see Table 6–5 for details.
   ■ We could also specify a properties file as a parameter to configureSSL; see Table 6–4 for details.

3. Edit the Oracle HTTP Server configuration file INSTANCE_HOME/config/OHS/ohs1/ssl.conf and add the following line to the SSL configuration under mod_weblogic:

       WlSSLWallet "${ORACLE_INSTANCE}/config/COMPONENT_TYPE/COMPONENT_NAME/keystores/default"

   where default is the name of the Oracle HTTP Server wallet in Step 2.

   Here is an example of how the configuration should look:

       <IfModule mod_weblogic.c>
           WebLogicHost myweblogic.server.com
           WebLogicPort 7002
           MatchExpression *.jsp
           SecureProxy On
           WlSSLWallet "${ORACLE_INSTANCE}/config/OHS/ohs1/keystores/default"
       </IfModule>

   Save the file and exit.

4. On Windows platforms only, open Windows Explorer and navigate to your cwallet.sso file. Under properties, security, add SYSTEM in group or user names.

5. Restart Oracle HTTP Server to activate the changes.

6. Ensure that your Oracle WebLogic Server instance is configured to use the custom keystore generated in Step 1, and that the alias points to the alias value used in generating the certificate. Restart the Oracle WebLogic Server instance.

mod_wl_ohs also supports two-way SSL communication. To configure two-way SSL:

1. Perform Steps 1 through 4 of the preceding procedure for one-way SSL.

2. Generate a trust store, trust.jks, for Oracle WebLogic Server. The keystore created for one-way SSL (Step 1 of the preceding procedure) could also be used to store trusted certificates, but it is recommended that you create a separate truststore for this procedure.

3. Export the user certificate from the Oracle HTTP Server wallet, and import it into the truststore created in Step 2. You can use any available utility such as WLST or Fusion Middleware Control for export, and the keytool utility for import.

4. From the Oracle WebLogic Server Administration Console, select the Keystores tab for the server being configured.

5. Set the custom trust store with the trust.jks file location of the trust store that was created in Step 2 (use the full name).

6. Set the keystore type as JKS, and set the passphrase used to create the keystore.

7. Under the SSL tab, ensure that Trusted Certificate Authorities is set as from Custom Trust Keystore.
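
A check for the ssl.conf edit in Step 3 of the one-way procedure, which the two-way procedure reuses. This is an added example, not part of Oracle's guide; the function names, the constructed sample text and the instance_home parameter are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the page's example block with the wallet line left out.
SAMPLE_BAD = """\
<IfModule mod_weblogic.c>
    WebLogicHost myweblogic.server.com
    WebLogicPort 7002
    MatchExpression *.jsp
    SecureProxy On
</IfModule>
"""
WALLET_LINE = '    WlSSLWallet "${ORACLE_INSTANCE}/config/OHS/ohs1/keystores/default"\n'
SAMPLE_GOOD = SAMPLE_BAD.replace("</IfModule>", WALLET_LINE + "</IfModule>")

BLOCK_RE = re.compile(r"<IfModule\s+mod_weblogic\.c>(.*?)</IfModule>", re.S | re.I)

def parse_blocks(conf_text):
    """Return one {directive: value} dict per mod_weblogic block."""
    blocks = []
    for body in BLOCK_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # blank line or comment
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            directives[parts[0].lower()] = value
        blocks.append(directives)
    return blocks

def audit(conf_text, instance_home=None):
    """List outbound-SSL problems; instance_home (hypothetical) expands ${ORACLE_INSTANCE}."""
    blocks = parse_blocks(conf_text)
    if not blocks:
        return ["no <IfModule mod_weblogic.c> block found"]
    findings = []
    for n, d in enumerate(blocks, 1):
        if d.get("secureproxy", "").lower() != "on":
            findings.append("block %d: SecureProxy is not On" % n)
        wallet = d.get("wlsslwallet")
        if not wallet:
            findings.append("block %d: WlSSLWallet is not set" % n)
        elif instance_home:
            # Only touch the disk when the caller supplies the instance home.
            path = wallet.replace("${ORACLE_INSTANCE}", instance_home)
            if not os.path.isfile(os.path.join(path, "cwallet.sso")):
                findings.append("block %d: no cwallet.sso in %s" % (n, path))
    return findings
```

Running audit() on the contents of ssl.conf before the restart in Step 5 catches a block that sets SecureProxy On but names no wallet, or names a wallet directory that holds no cwallet.sso.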

6.5 Configuring SSL for the Middle Tier

Using SSL in the middle tier includes:

■ SSL-enabling the application server
■ SSL-enabling components and applications running on the application server