Posted by
ErmanArslansOracleBlog on
URL: http://erman-arslan-s-oracle-forum.114.s1.nabble.com/OAM-SSL-11-1-2-3-with-EBS-12-1-3-tp7331p7347.html
Hi,
To configure TLS (SSL): configure SSL/TLS between WebGate and Access Manager, plus EBS itself.
-For Webgate and Access Manager:
Ref: Oracle Fusion Middleware Administrator's Guide for Oracle Access Management: Securing Communication Between OAM Servers and WebGates - Securing Communication provides instructions on how to secure communications between Oracle Access Manager 11g and WebGates.
Also, here is some detailed info for you ->
There are multiple ways of enabling SSL in OAM 11g; I preferred to accomplish it in the following way:
First I created an Oracle wallet by sourcing the OAM environment file and using owm. (I prefer creating a wallet, because we are used to it.)
Then, I created a certificate request using the wallet I created. (I use the details that my customer delivered to me for inputs)
After creating the certificate request, I exported it and sent it to the customer to get the server, root and intermediate (if available) certificates.
I imported the customer's certificates into the wallet once I got them. (Note that the certificate format should be Base64, X.509 format, .cer files...)
Later on, I converted the wallet to a JKS (Java keystore), as FMW uses JKS. Example: source the OAM env and run ->
$MW_HOME/oracle_common/bin/orapki wallet pkcs12_to_jks -wallet ./mywallet -pwd welcome1 -jksKeyStoreLoc ./mywalletK.jks -jksKeyStorepwd welcome1 -jksTrustStoreLoc ./mywallettrust.jks -jksTrustStorepwd welcome1
After that I went into the WebLogic console and did all the SSL configuration needed there:
Select Environment->Servers and click on the OAM managed server
Then Select the Keystores tab
Select Keystore -> Change
Select Custom Identity and Custom Trust from the drop-down list and click Save
Enter the relevant information in the Keystores page:
Custom Identity Keystore : full path of the .jks file
Custom Identity Keystore Type : JKS (UPPERCASE)
Custom Identity Keystore Passphrase : welcome1
Confirm Custom Identity Keystore Passphrase : welcome1
Custom Trust Keystore : full path of the trust store .jks file
Custom Trust Keystore Type : JKS (UPPERCASE)
Custom Trust Keystore Passphrase : welcome1
Confirm Custom Trust Keystore Passphrase : welcome1
Click Save
After that, select the SSL tab and enter the following:
Private Key Alias : alias of the server cert gathered from the jks that was created earlier using keytool, it was orakey in my case
Private Key Password : welcome1
Confirm Private Key Password: welcome1
Click Save
Again, Select Environment -> Servers and click on the OAM managed server
Select the General tab:
Check SSL Listen Port Enabled
Change SSL Listen Port according to your env: in my case; 14443 (use netstat to ensure that it is free)
Click 'Save'
Then I opened the oamconsole using adminserver:adminport/oamconsole and did the OAM Server port change (OAM port - ssl port) and OAM Server host change (https) as documented in "https://docs.oracle.com/cd/E52734_01/oim/IDMIG/idm_ssl.htm#IDMIG32029", Section 4.2 Configuring SSL on Servers in the OAM Domain -- note that if you don't do that, EBS login will still be redirected to the non-SSL OAM login page.
Lastly, restart the OAM managed server and Admin Server (just in case, remember, it is the OAM Admin server that redirects to OAM managed server during the EBS login)
You may need to reregister EBS using txkrun.pl, but it should be necessary. Just in case, keep that in mind.
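
A check that can be run on the converted identity keystore before entering the Private Key Alias in the WebLogic SSL tab, as an added example that is not part of the original post: it reads the text printed by `keytool -list -v -keystore ./mywalletK.jks` and confirms that the alias is a private key entry carrying the full server, intermediate and root chain. The function name and the sample listing are assumptions constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v -keystore ./mywalletK.jks` output
# (host and CA names are made up for illustration).
SAMPLE = """\
Keystore type: JKS

Alias name: orakey
Creation date: Jan 1, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=oam.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example
Certificate[3]:
Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example
"""

def check_identity_entry(listing, alias):
    """Return a list of problems with `alias` in keytool -list -v output."""
    # Compares Owner/Issuer names only; it does not verify signatures.
    blocks = re.split(r"^Alias name: ", listing, flags=re.M)[1:]
    entry = next((b for b in blocks if b.split("\n", 1)[0].strip() == alias), None)
    if entry is None:
        return [f"alias {alias!r} not found"]
    problems = []
    if not re.search(r"^Entry type: PrivateKeyEntry", entry, flags=re.M):
        problems.append("entry is not a PrivateKeyEntry (no private key)")
    owners = re.findall(r"^Owner: (.+)$", entry, flags=re.M)
    issuers = re.findall(r"^Issuer: (.+)$", entry, flags=re.M)
    # Each certificate must be issued by the next one in the chain.
    for i in range(len(owners) - 1):
        if issuers[i].strip() != owners[i + 1].strip():
            problems.append(f"chain breaks after certificate[{i + 1}]")
    # The last certificate should be the self-signed root.
    if not owners or issuers[-1].strip() != owners[-1].strip():
        problems.append("chain does not end in a self-signed root")
    return problems

if __name__ == "__main__":
    print(check_identity_entry(SAMPLE, "orakey") or "identity entry looks complete")
```

An empty result means the alias can be used as the Private Key Alias; a broken chain usually means the intermediate or root certificate was not imported into the wallet before conversion.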