Sunday, 4 December 2022

Configure SSL on OHS


STEP 1

The first step is to generate the private and public key pair, using keytool.

cd C:\Program Files\Java\jdk1.8.0_211\bin

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks

Enter keystore password:

Re-enter new password:

What is your first and last name?                   [Unknown]:  wls12c.xxxx.com

What is the name of your organizational unit?   [Unknown]:

What is the name of your organization?           [Unknown]:

What is the name of your City or Locality?           [Unknown]:  kuwait

What is the name of your State or Province?           [Unknown]:

What is the two-letter country code for this unit?    [Unknown]:  KW

Is CN=wls12c.xxxx.com, OU=Unknown, O=Unknown, L=kuwait, ST=Unknown, C=KW correct?

  [no]:  yes


STEP 2

Generate a CSR file and send it to the respective provider or Certificate Authority so that the signed certificate can be created.

keytool -certreq -alias server -file wls12c.xxxx.com.csr -keystore keystore.jks


STEP 3

Once the Certificate Authority has created and delivered the corresponding signed certificate, import it into the JKS keystore.

For p7b format:

keytool -import -alias server -trustcacerts -file wls12c.xxxx.com.p7b  -keystore keystore.jks


Importing individual certificates, in the following sequence:

    Root Certificate
            |
    Intermediate Certificate
            |
    Server Certificate


Root Cert :

keytool -import -alias rootCA -trustcacerts -file ROOTCERTCA.crt  -keystore keystore.jks

Intermediate Cert : 

    keytool -import -alias InterCA -trustcacerts -file InterCA.crt  -keystore keystore.jks

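User Cert (import it under the alias of the key pair created in STEP 1, server, so that keytool installs it as the certificate reply for the private key instead of adding a separate trusted entry)

    keytool -import -alias server -trustcacerts -file wls12c.xxxx.com.kw.crt  -keystore keystore.jks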




For Single Certificate specific to Server

    keytool -import -alias server -trustcacerts -file C:\MEdia\wls12c.cer -keystore keystore.jks
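
A check to run between STEP 3 and STEP 5, given here as an added example that is not part of the original post: it parses the text printed by `keytool -list -v -keystore keystore.jks` and confirms that the `server` alias is a PrivateKeyEntry carrying the CA-signed chain in server, intermediate, root order. The sample output is constructed and trimmed to the lines the check reads, the CA names are placeholders, and the function names are this example's own.

```python
# Constructed sample of `keytool -list -v -keystore keystore.jks` output (CA names are placeholders).
SAMPLE = """\
Alias name: server
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=wls12c.xxxx.com, L=kuwait, C=KW
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
"""

def parse_entries(text):
    """Map each alias to its entry type and its [owner, issuer] pairs in listed order."""
    entries, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Alias name":
            current = entries.setdefault(value.lower(), {"type": None, "certs": []})
        elif current is not None and key == "Entry type":
            current["type"] = value
        elif current is not None and key == "Owner":
            current["certs"].append([value, None])
        elif current is not None and key == "Issuer" and current["certs"]:
            current["certs"][-1][1] = value
    return entries

def check_server_entry(text, alias="server"):
    """Return the problems found with the key entry; an empty list means it is ready for STEP 5."""
    entry = parse_entries(text).get(alias.lower())
    if entry is None:
        return [f"alias '{alias}' not found"]
    problems, certs = [], entry["certs"]
    if entry["type"] != "PrivateKeyEntry":
        problems.append(f"'{alias}' is a {entry['type']}, not a PrivateKeyEntry")
    if len(certs) < 2:
        problems.append("chain length below 2: CA reply is not attached to the private key")
    for (_, issuer), (owner, _) in zip(certs, certs[1:]):
        if issuer != owner:
            problems.append(f"chain break: '{issuer}' is not the owner of the next certificate")
    return problems
```

A keystore in which the signed certificate was imported under a different alias than the key pair fails the chain-length check, because the `server` entry still holds only the self-signed certificate from STEP 1.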


STEP 4 

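Create WALLET

  • Default wallet location:
            $DOMAIN_HOME\config\fmwconfig\components\OHS\instances\ohs1\keystores\default
  • Back up the default folder.
  • Create an empty folder and name it default.
  • Create the wallet (Letmein123 is the wallet password used in this example; -auto_login produces a cwallet.sso file that opens without a password, so restrict access to the keystores folder to the account that runs OHS):
    cd C:\Oracle\Middleware\OHS_home\oracle_common\bin\

orapki wallet create -wallet C:\Oracle\Middleware\OHS_home\user_projects\domains\b2\config\fmwconfig\components\OHS\instances\ohs1\keystores\default -auto_login -pwd Letmein123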


STEP 5

Import JKS to Wallet


cd C:\Oracle\Middleware\OHS_home\oracle_common\bin\

orapki wallet jks_to_pkcs12 -wallet C:\Oracle\Middleware\OHS_home\user_projects\domains\b2\config\fmwconfig\components\OHS\instances\ohs1\keystores\default -pwd Letmein123 -keystore C:\MEdia\keystore.jks -jkspwd Letmein123


STEP 6
  • Make sure the wallet path and Listen port are properly updated in the ssl.conf file.
  • Once the certificate is imported into the wallet, restart the OHS service (the component scripts are in the domain's bin folder):
    cd C:\Oracle\Middleware\OHS_home\user_projects\domains\b2\bin
    stopComponent.cmd     ohs1         (enter the Node Manager password)
    startComponent.cmd    ohs1         (enter the Node Manager password)


Access the OHS URL through
        https://wls12c.xxxx.com





STEP 7

Configure Application Redirection through OHS by updating mod_wl_ohs.conf

<IfModule weblogic_module>
    <Location /sample>
            SetHandler weblogic-handler
            WebLogicHost wls12c.xxxx.com
            WebLogicPort 7003
    </Location>
</IfModule>

Restart OHS



